Windows Analysis Report
DouWan-Video-Setup-En-4.3.0.3-x64.exe

Overview

General Information

Sample name:	DouWan-Video-Setup-En-4.3.0.3-x64.exe
Analysis ID:	1467120
MD5:	54f1dfbda1d18a3cdb6055546d45dc84
SHA1:	3ff5de326326a96db424dd27df20d1d855a61570
SHA256:	d6916e1f1e375b82dcdde615a6fdadeadda98788ce084812ccd6ba133b8a447c
Infos:

Detection

Score:	26
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Compliance

Score:	36
Range:	0 - 100

Signatures

Modifies the windows firewall

Query firmware table information (likely to detect VMs)

Uses netsh to modify the Windows network and firewall settings

Binary contains a suspicious time stamp

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates driver files

Detected potential crypto function

Drops PE files

EXE planting / hijacking vulnerabilities found

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

JA3 SSL client fingerprint seen in connection with other malware

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Classes Autorun Keys Modification

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Keylogger Generic

Classification

Signatures

Cryptography

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_c6108e29-5

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

EXE: netsh.exe

Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

EXE: netsh.exe

Jump to behavior

Uses 32bit PE files

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Window detected: < &Back&Next >CancelNullsoft Install System v3.06.1 Nullsoft Install System v3.06.1License AgreementPlease review the license terms before installing DouWan 4.3.0.3.Press Page Down to see the rest of the agreement.END-USER LICENSE AGREEMENTIMPORTANT: PLEASE READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE CONTINUING WITH THIS PROGRAM INSTALL:This End-User License Agreement ("EULA") is a binding legal agreement between You the "User" (an individual or single entity) and XinDawn(the "Company") concerning its Software Products such as DouWan for Mac OS DouWan Universal for Windows or DouWan for Linux including associated software components media printed and electronic documentation. By installing copying or otherwise using the Company's Software Products you agree to be bound by the terms and conditions of this EULA. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA DO NOT INSTALL OR USE ANY OF THE COMPANY'S SOFTWARE PRODUCTS.Date of EULA - June 8 20201. LICENSE GRANT. A. The Software Products are licensed not sold.B.Subject to the terms of this EULA You are granted a limited personal revocable worldwide non-assignable non-sublicenseable non-transferable and non-exclusive license to install and use the Software Products. C.You may install and use 1 copy of a Software Product on 1 computer that belongs to You and you may make 1 copy of a Software Product for backup and archival purposes. You are not permitted any other rights concerning distribution of a Software Product.D. You agree not to translate modify sell lease rent loan redistribute sub-lease sub-license make copies of (unless expressly permitted under this License) or create derivative works from a Software Product or any part of a Software Product. Any such unauthorized works developed by You and any Intellectual Property Rights embodied therein shall be the sole and exclusive property of the Company; and End User hereby assigns all rights in them (including moral rights) the Company. To the extent Intellectual Property Rights embodied therein are not eligible to be transferred by operation of the law the Company shall be granted exclusive rights to use to the widest extent lawfully possible.E. You agree not to alter merge modify adapt or translate a Software Product or decompile reverse engineer disassemble or otherwise reduce a Software Product to a human-perceivable form. F. This license does NOT guarantee you the right to future upgrades or updates of a Software Product and the Company reserves the right to charge for future upgrades or updates of a Software Product.2. TYPES OF LICENSESThe Company sells and distributes each Software Product under different types of licenses (e.g. education consumer business enterprise etc.) and each type of license contains additional use restrictions. When You purchase a license You agree that at the time of purchase You qualify for that version of the license. If Your representation is inaccurate or false the Compan

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AdbWinApi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AdbWinUsbApi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AirPlayInput.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\DouWan.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Core.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Network.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Svg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\SDL2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\SoftwareLicence.txt	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\adb.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avcodec-58.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avformat-58.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avutil-56.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\concrt140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\d3dx9_43.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\douwan.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\douwanaudio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libEGL.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libGLESv2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libairplay.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libcrypto-1_1-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libssl-1_1-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libyuv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\mDNSResponder.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp120.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_codecvt_ids.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcr120.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\opengl32sw.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\swresample-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\swscale-5.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\ucrtbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\updater.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcam.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\w32-pthreads.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\zlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\default.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\default_p.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\bearer	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\bearer\qgenericbearer.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\dashboard.css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\dashboard.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\details.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\edit.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\group.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgDeviceGroupEditor.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgDevicePreview.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgGroupEditor.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\api.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\app.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGrid.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGridItem.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGroupServ.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceServ.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\ws.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\CORS	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\eleTree.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\css\icon.css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.eot	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.ttf	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.woff	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkFull.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkHalf.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkNone.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOff.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOn.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.jpg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.jpg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheck.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheckNone.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\iconengines	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\iconengines\qsvgicon.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qgif.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qicns.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qico.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qjpeg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qpdf.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qsvg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qtga.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qtiff.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qwbmp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qwebp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\platforms	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\platforms\qwindows.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\api.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\api.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\help.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\styles	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\styles\qwindowsvistastyle.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ar.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_bg.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ca.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_cs.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_da.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_de.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_en.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_es.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_fi.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_fr.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_gd.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_he.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_hu.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_it.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ja.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ko.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_lv.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_pl.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ru.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_sk.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_tr.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_uk.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_zh_TW.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\uninst.exe	Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf			Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf			Jump to behavior

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973926819.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3dx9_43.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1987242741.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954389433.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952159816.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\qtscrcpy\win_updater\bin\x64\Release\Updater.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2009613605.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1966796857.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969876451.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005869200.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\sys\amd64\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Android\libairplay\iRecorder\src\main\cpp\build-64\LibAirPlay\Release\libairplay.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1956289930.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969291087.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdbu source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1981616576.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960125828.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1950528544.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007148156.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1972586201.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr120.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2008620374.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\amd64\libusbK.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2006507143.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961200502.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975555251.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\amd64\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1955770091.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sfxcab.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1959537310.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libcrypto-1_1-x64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958028208.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960704021.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971962294.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\qtscrcpy-new-new\output\win\x64\release\DouWan.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961731915.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Android\libairplay\iRecorder\src\main\cpp\build-64\LibAirPlay\Release\libairplay.pdb} source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973073432.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libswscale\swscale-5.pdb''' source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Z:\airparrot-windows\dependencies\mdnsresponder\mDNSResponder\mDNSWindows\SystemService\x64\Release\mDNSResponder.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2029501912.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970380215.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975064291.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970961082.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\install-filter.pdbp source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\libusb0.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libssl-1_1-x64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005336941.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: `OTHER`TEMP`PACKED<%s return value>internal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958336058.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\libusb0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1974462657.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2028977593.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libswscale\swscale-5.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967927887.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp120.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2004495885.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1963965499.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavutil\avutil-56.pdbggg source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952925751.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1953634392.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968718763.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbRR source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb** source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\i386\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3dx9_43.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1987242741.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavformat\avformat-58.pdb{{{ source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1951145726.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968211264.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\libusb0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971477190.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libcrypto-1_1-x64.pdbj source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\install-filter.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb2 source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975833286.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavutil\avutil-56.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967370015.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1962649521.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954930161.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\hudun\AirPlayInput\x64\Release\AirPlayInput.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1957395280.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\SDK\Qt\5.15.2\Src\qtwebengine\build_x64\plugins\imageformats\qpdf.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2061092199.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Tue Apr 21 14:24:00 2020 UTCplatform: VC-WIN64A-rttOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavformat\avformat-58.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\libusb0.pdbP source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007460777.0000000002760000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00406739 FindFirstFileW,FindClose,	0_2_00406739
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00405AED GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405AED
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00402902 FindFirstFileW,	0_2_00402902

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: POST /v1/app/checkVersion?uuid=w61f0b7401cce31b61af8ef16887023fb&softversion=4.3.0.3&limituse=1&language=en-us&lang=en HTTP/1.1Host: api.douwan.videoContent-Type: application/x-www-form-urlencodedContent-Length: 92Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0
Source: global traffic	HTTP traffic detected: POST /v1/app/getMessage?uuid=w61f0b7401cce31b61af8ef16887023fb&softversion=4.3.0.3&limituse=1&language=en-us&lang=en HTTP/1.1Host: api.douwan.videoContent-Type: application/x-www-form-urlencodedCookie: airServer=995da025b8a84f29c1aa3ab92d8dcd3fContent-Length: 92Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /ppsecure/deviceaddcredential.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 7642Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.66.133
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.130.133
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.66.133
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.130.133
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2PgZmmtPrgnHHEs&MD=vwNG4BCV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2PgZmmtPrgnHHEs&MD=vwNG4BCV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: 04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: api.douwan.video
Source: global traffic	DNS traffic detected: DNS query: usbserver.douwan.video

Source: unknown

HTTP traffic detected: POST /v1/app/checkVersion?uuid=w61f0b7401cce31b61af8ef16887023fb&softversion=4.3.0.3&limituse=1&language=en-us&lang=en HTTP/1.1Host: api.douwan.videoContent-Type: application/x-www-form-urlencodedContent-Length: 92Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/Timestamping1.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/primobject.crl0N
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0B
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1949855131.000000000276E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/device.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1949855131.000000000276E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/device.htmlinsufficient
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fsf.org/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb-win32.sourceforge.net
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb-win32.sourceforge.netN
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb-win32.sourceforge.netb
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb-win32.sourceforge.netd
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1949855131.000000000276E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb.info
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libwdi-cps.akeo.ie
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libwdi.akeo.ie1.3.6.1.5.5.7.2.1http://libwdi-cps.akeo.ieCryptEncodeObjectCreateSelfSignedCert
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://llvm.org/):
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2099682729.0000000003551000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000000.1749727484.000000000040A000.00000008.00000001.01000000.00000003.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000002.2149538277.000000000040A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0P
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2089440667.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qt-project.org/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2089440667.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qt.io/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2089440667.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qt.io/licensing/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com06
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/encodingStyle(res
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/(res
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.net/cacert/ObjectSign.crt09
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.net/cacert/PrimObject.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sensics.com/osvr
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://subca.ocsp-certum.com01
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certum.pl/CPS0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.color.org)
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dns-sd.org/ServiceTypes.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globalsign.net/repository/0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globalsign.net/repository/03
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globalsign.net/repository09
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/licenses/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.plutinosoft.com
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.plutinosoft.com/blog/projects/platinum
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.plutinosoft.com/blog/projects/platinumDMR-1.50urn:schemas-upnp-org:metadata-1-0/AVT/urn:u
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.plutinosoft.comDevice
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.zlib.net/D
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2039883635.0000000002769000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/axios/1.4.0/axios.min.js
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2039883635.0000000002769000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/layui/2.8.11/css/layui.min.css
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2039883635.0000000002769000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/layui/2.8.11/layui.js
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2072473118.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/layui/2.8.3/css/layui.min.css
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2072473118.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/layui/2.8.3/layui.js
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.freescale.com/message/493287#493287
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0.
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000002.2149947105.0000000000591000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1752250340.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1925391754.000000000276E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://douwan.video/compatibility
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960046524.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://douwan.video/compatibility.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000002.2149947105.0000000000591000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1752250340.0000000002767000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://douwan.videoPublisher
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2047407200.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/hsiangleev/eleTree.git
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://streams.videolan.org/upload/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.certum.pl/CPS0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.douwan.video
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.douwan.video/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.douwan.video/https://www.douwan.video
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/docs/faq.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xindawn.douwan.video/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xindawn.douwan.video/0000000012345678TEST

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49758 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Code function: 0_2_00405582 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405582

Installs a raw input device (often for capturing keystrokes)

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_393c1d4b-b

Yara detected Keylogger Generic

Source: Yara match

File source: Process Memory Space: DouWan-Video-Setup-En-4.3.0.3-x64.exe PID: 6552, type: MEMORYSTR

System Summary

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Code function: 0_2_0040348F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040348F

Creates driver files

Source: C:\Program Files\douwan\DouWan.exe

File created: C:\Users\user\AppData\Local\Temp\libusb0.sys

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00406AFA	0_2_00406AFA
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_665A96B0	13_2_665A96B0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD02285	13_2_6AD02285
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD03B22	13_2_6AD03B22
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD0BC8D	13_2_6AD0BC8D
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD01CA2	13_2_6AD01CA2
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83380A0	13_2_00007FFDF83380A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83130C0	13_2_00007FFDF83130C0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832B8D0	13_2_00007FFDF832B8D0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833F060	13_2_00007FFDF833F060
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832D890	13_2_00007FFDF832D890
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82FA0A0	13_2_00007FFDF82FA0A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8316130	13_2_00007FFDF8316130
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830D140	13_2_00007FFDF830D140
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8323950	13_2_00007FFDF8323950
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF834E0F0	13_2_00007FFDF834E0F0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833E110	13_2_00007FFDF833E110
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF834F9A0	13_2_00007FFDF834F9A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83521B0	13_2_00007FFDF83521B0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83399D0	13_2_00007FFDF83399D0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF834A1D0	13_2_00007FFDF834A1D0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F2960	13_2_00007FFDF82F2960
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8349980	13_2_00007FFDF8349980
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8313190	13_2_00007FFDF8313190
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8309A20	13_2_00007FFDF8309A20
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830A220	13_2_00007FFDF830A220
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F7A10	13_2_00007FFDF82F7A10
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8341230	13_2_00007FFDF8341230
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8334A50	13_2_00007FFDF8334A50
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83389E0	13_2_00007FFDF83389E0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83449E0	13_2_00007FFDF83449E0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F6A50	13_2_00007FFDF82F6A50
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83439F0	13_2_00007FFDF83439F0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8309200	13_2_00007FFDF8309200
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83432A0	13_2_00007FFDF83432A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83482A0	13_2_00007FFDF83482A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8348AB0	13_2_00007FFDF8348AB0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83072C0	13_2_00007FFDF83072C0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832FA90	13_2_00007FFDF832FA90
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8320A90	13_2_00007FFDF8320A90
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8324290	13_2_00007FFDF8324290
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8345350	13_2_00007FFDF8345350
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8344310	13_2_00007FFDF8344310
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8306B70	13_2_00007FFDF8306B70
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830BB80	13_2_00007FFDF830BB80
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8339390	13_2_00007FFDF8339390
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83213F0	13_2_00007FFDF83213F0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83253F0	13_2_00007FFDF83253F0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8306440	13_2_00007FFDF8306440
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830EC60	13_2_00007FFDF830EC60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8305CD0	13_2_00007FFDF8305CD0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831C480	13_2_00007FFDF831C480
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8351490	13_2_00007FFDF8351490
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8344520	13_2_00007FFDF8344520
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831D530	13_2_00007FFDF831D530
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8330540	13_2_00007FFDF8330540
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8321D40	13_2_00007FFDF8321D40
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8325D40	13_2_00007FFDF8325D40
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83354E0	13_2_00007FFDF83354E0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833BCF0	13_2_00007FFDF833BCF0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8336CF0	13_2_00007FFDF8336CF0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831CCF0	13_2_00007FFDF831CCF0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F7D40	13_2_00007FFDF82F7D40
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833DDB0	13_2_00007FFDF833DDB0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831DDB0	13_2_00007FFDF831DDB0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830FDC0	13_2_00007FFDF830FDC0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8342D60	13_2_00007FFDF8342D60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF834AD60	13_2_00007FFDF834AD60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8309570	13_2_00007FFDF8309570
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833A620	13_2_00007FFDF833A620
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832F630	13_2_00007FFDF832F630
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8343650	13_2_00007FFDF8343650
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8308DF0	13_2_00007FFDF8308DF0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8315E10	13_2_00007FFDF8315E10
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83226A0	13_2_00007FFDF83226A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F7680	13_2_00007FFDF82F7680
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831E6C0	13_2_00007FFDF831E6C0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F9660	13_2_00007FFDF82F9660
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832CE60	13_2_00007FFDF832CE60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F1EC0	13_2_00007FFDF82F1EC0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82FB6B0	13_2_00007FFDF82FB6B0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83A58A0	13_2_00007FFDF83A58A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83908B0	13_2_00007FFDF83908B0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83830D0	13_2_00007FFDF83830D0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF839F880	13_2_00007FFDF839F880
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83A6090	13_2_00007FFDF83A6090
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83AB9C0	13_2_00007FFDF83AB9C0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8382A60	13_2_00007FFDF8382A60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83992F0	13_2_00007FFDF83992F0

Found potential string decryption / allocating functions

Source: C:\Program Files\douwan\DouWan.exe	Code function: String function: 665B5C00 appears 63 times
Source: C:\Program Files\douwan\DouWan.exe	Code function: String function: 00007FFDF8395B40 appears 91 times

One or more processes crash

Source: C:\Windows\System32\conhost.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 488 -p 6016 -ip 6016

PE file contains executable resources (Code or Archives)

Source: ucrtbase.dll.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: winusbcoinstaller2.dll.13.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Microsoft Standalone Update, 256987 bytes, 4 files, at 0x44 +A "WSUSSCAN.cab" +A "Windows6.0-KB971286-x64.cab", flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1 compression
Source: winusbcoinstaller2.dll.13.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows

PE file contains more sections than normal

Source: zlib.dll.0.dr	Static PE information: Number of sections : 20 > 10
Source: libyuv.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: SDL2.dll.0.dr	Static PE information: Number of sections : 12 > 10

PE file does not import any functions

Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSDL2.dllR vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2061092199.000000000276D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqpdf.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1974462657.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Svg.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemDNSResponder.exe0 vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqico.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970961082.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Core.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967927887.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1950528544.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgenericbearer.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwebp.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975833286.0000000002760000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameucrtbase.dllj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqjpeg.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1966796857.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952159816.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960704021.0000000002764000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975555251.0000000002764000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2008620374.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcr120.dll^ vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDouWan-VcamD vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005869200.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2029501912.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971477190.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtga.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgif.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvg.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WM/OriginalFilename vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WM/AlbumArtistalbum_artistWM/AlbumTitlealbumAuthorartistDescriptioncommentWM/ComposercomposerWM/EncodedByencoded_byWM/EncodingSettingsencoderWM/GenregenreWM/LanguagelanguageWM/OriginalFilenamefilenameWM/PartOfSetdiscWM/PublisherpublisherWM/ToolWM/TrackNumbertrackWM/MediaStationCallSignservice_providerWM/MediaStationNameservice_name vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1962649521.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969291087.0000000002766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007148156.0000000002776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_atomic_wait.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2006507143.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_2.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007460777.0000000002760000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_codecvt_ids.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDouWan-VcamD vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUpdater.exe> vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1957395280.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975064291.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961200502.000000000276D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005336941.0000000002766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvgicon.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968718763.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958028208.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958336058.0000000002760000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2028977593.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1951145726.0000000002764000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwindows.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967370015.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1953634392.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954389433.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1959537310.0000000002766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1972586201.0000000002762000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2004495885.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp120.dll^ vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968211264.0000000002760000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1956289930.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1981616576.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameconcrt140.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2009613605.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcrt.dllj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973073432.000000000276A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973926819.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSFXCAB.EXEj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWUDF_UPDATE_PACKAGE_NAME.dllj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusb0.dllF vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameinstall-filter.exe\ vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusb0.sysZ vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusbK.sys8 vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusbK.dll8 vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1955770091.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970380215.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961731915.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960125828.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971962294.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Network.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1963965499.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954930161.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969876451.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamezlib1.dll* vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952925751.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe

Uses 32bit PE files

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: Qt5Core.dll.0.dr	Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: adb.exe.0.dr	Static PE information: Section: .data ZLIB complexity 0.989382571585903

Source: classification engine

Classification label: sus26.evad.winEXE@24/194@2/5

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

0_2_0040348F

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Code function: 0_2_00404822 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404822

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Code function: 0_2_004021A2 CoCreateInstance,

0_2_004021A2

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File created: C:\Program Files\douwan

Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan

Jump to behavior

Source: C:\Program Files\douwan\DouWan.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4520:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5820:120:WilError_03
Source: C:\Program Files\douwan\DouWan.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\wdi_destroy_list
Source: C:\Program Files\douwan\DouWan.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\wdi_create_list
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6016
Source: C:\Program Files\douwan\DouWan.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\wdi_register_logger

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File created: C:\Users\user\AppData\Local\Temp\nsfFCB5.tmp

Jump to behavior

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File read: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe "C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam32.dll"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud32.dll"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam64.dll"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud64.dll"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Program Files\douwan\DouWan.exe "C:\Program Files\douwan\DouWan.exe"
Source: C:\Program Files\douwan\DouWan.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 488 -p 6016 -ip 6016
Source: C:\Program Files\douwan\DouWan.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6016 -s 3156
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam32.dll"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud32.dll"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam64.dll"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud64.dll"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Program Files\douwan\DouWan.exe "C:\Program Files\douwan\DouWan.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam64.dll"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud64.dll"	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avformat-58.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avcodec-58.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avutil-56.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: swresample-3.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: libairplay.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcam.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: sdl2.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: libyuv.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3dx9_43.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: douwanaudio.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avutil-56.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: douwan.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: w32-pthreads.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: swscale-5.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: zlib.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: quserex.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: libcrypto-1_1-x64.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wscapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: airplayinput.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.devices.radios.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.devices.bluetooth.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.networking.hostname.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.networking.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: biwinrt.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.networking.connectivity.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mdnsresponder.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: icu.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mswb7.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5pdf.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: DouWan.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\douwan\DouWan.exe
Source: DouWan.lnk0.0.dr	LNK file: ..\..\..\Program Files\douwan\DouWan.exe
Source: Uninstall DouWan.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\douwan\uninst.exe

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File written: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\ioSpecial.ini

Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Automated click: I accept the terms of the License Agreement
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AdbWinApi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AdbWinUsbApi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AirPlayInput.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\DouWan.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Core.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Network.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Svg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\SDL2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\SoftwareLicence.txt	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\adb.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avcodec-58.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avformat-58.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avutil-56.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\concrt140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\d3dx9_43.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\douwan.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\douwanaudio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libEGL.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libGLESv2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libairplay.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libcrypto-1_1-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libssl-1_1-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libyuv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\mDNSResponder.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp120.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_codecvt_ids.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcr120.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\opengl32sw.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\swresample-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\swscale-5.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\ucrtbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\updater.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcam.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\w32-pthreads.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\zlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\default.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\default_p.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\bearer	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\bearer\qgenericbearer.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\dashboard.css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\dashboard.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\details.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\edit.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\group.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgDeviceGroupEditor.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgDevicePreview.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgGroupEditor.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\api.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\app.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGrid.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGridItem.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGroupServ.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceServ.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\ws.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\CORS	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\eleTree.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\css\icon.css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.eot	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.ttf	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.woff	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkFull.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkHalf.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkNone.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOff.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOn.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.jpg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.jpg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheck.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheckNone.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\iconengines	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\iconengines\qsvgicon.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qgif.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qicns.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qico.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qjpeg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qpdf.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qsvg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qtga.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qtiff.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qwbmp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qwebp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\platforms	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\platforms\qwindows.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\api.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\api.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\help.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\styles	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\styles\qwindowsvistastyle.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ar.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_bg.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ca.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_cs.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_da.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_de.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_en.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_es.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_fi.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_fr.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_gd.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_he.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_hu.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_it.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ja.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ko.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_lv.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_pl.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ru.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_sk.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_tr.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_uk.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_zh_TW.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\uninst.exe	Jump to behavior

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: certificate valid

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static file information: File size 46547184 > 1048576

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973926819.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3dx9_43.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1987242741.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954389433.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952159816.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\qtscrcpy\win_updater\bin\x64\Release\Updater.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2009613605.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1966796857.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969876451.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005869200.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\sys\amd64\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Android\libairplay\iRecorder\src\main\cpp\build-64\LibAirPlay\Release\libairplay.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1956289930.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969291087.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdbu source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1981616576.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960125828.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1950528544.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007148156.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1972586201.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr120.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2008620374.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\amd64\libusbK.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2006507143.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961200502.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975555251.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\amd64\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1955770091.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sfxcab.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1959537310.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libcrypto-1_1-x64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958028208.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960704021.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971962294.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\qtscrcpy-new-new\output\win\x64\release\DouWan.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961731915.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Android\libairplay\iRecorder\src\main\cpp\build-64\LibAirPlay\Release\libairplay.pdb} source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973073432.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libswscale\swscale-5.pdb''' source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Z:\airparrot-windows\dependencies\mdnsresponder\mDNSResponder\mDNSWindows\SystemService\x64\Release\mDNSResponder.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2029501912.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970380215.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975064291.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970961082.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\install-filter.pdbp source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\libusb0.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libssl-1_1-x64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005336941.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: `OTHER`TEMP`PACKED<%s return value>internal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958336058.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\libusb0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1974462657.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2028977593.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libswscale\swscale-5.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967927887.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp120.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2004495885.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1963965499.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavutil\avutil-56.pdbggg source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952925751.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1953634392.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968718763.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbRR source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb** source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\i386\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3dx9_43.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1987242741.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavformat\avformat-58.pdb{{{ source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1951145726.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968211264.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\libusb0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971477190.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libcrypto-1_1-x64.pdbj source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\install-filter.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb2 source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975833286.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavutil\avutil-56.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967370015.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1962649521.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954930161.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\hudun\AirPlayInput\x64\Release\AirPlayInput.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1957395280.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\SDK\Qt\5.15.2\Src\qtwebengine\build_x64\plugins\imageformats\qpdf.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2061092199.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Tue Apr 21 14:24:00 2020 UTCplatform: VC-WIN64A-rttOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavformat\avformat-58.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\libusb0.pdbP source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007460777.0000000002760000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: msvcrt.dll.0.dr

Static PE information: 0xF5BDEFD7 [Wed Aug 25 08:27:03 2100 UTC]

PE file contains an invalid checksum

Source: qpdf.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x9d25
Source: FindProcDLL.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xf1e2
Source: System.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x82fd
Source: nsExec.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xc5ea
Source: uninst.exe.0.dr	Static PE information: real checksum: 0x2c6f39c should be: 0x6a125
Source: douwan-virtualaud32.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x5f3e6
Source: avformat-58.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xacaca
Source: douwan-virtualaud64.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x72f39
Source: InstallOptions.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xf13f

PE file contains sections with non-standard names

Source: Qt5Core.dll.0.dr	Static PE information: section name: .qtmimed
Source: SDL2.dll.0.dr	Static PE information: section name: .xdata
Source: adb.exe.0.dr	Static PE information: section name: .buildid
Source: adb.exe.0.dr	Static PE information: section name: .gcc_exc
Source: qsvgicon.dll.0.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.0.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr	Static PE information: section name: .qtmetad
Source: qico.dll.0.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qpdf.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr	Static PE information: section name: .qtmetad
Source: douwan.dll.0.dr	Static PE information: section name: _RDATA
Source: libyuv.dll.0.dr	Static PE information: section name: .00cfg
Source: libyuv.dll.0.dr	Static PE information: section name: .gehcont
Source: libyuv.dll.0.dr	Static PE information: section name: .gxfg
Source: libyuv.dll.0.dr	Static PE information: section name: .voltbl
Source: libyuv.dll.0.dr	Static PE information: section name: _RDATA
Source: opengl32sw.dll.0.dr	Static PE information: section name: _RDATA
Source: vcam.dll.0.dr	Static PE information: section name: _RDATA
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: zlib.dll.0.dr	Static PE information: section name: .xdata
Source: zlib.dll.0.dr	Static PE information: section name: /4
Source: zlib.dll.0.dr	Static PE information: section name: /19
Source: zlib.dll.0.dr	Static PE information: section name: /31
Source: zlib.dll.0.dr	Static PE information: section name: /45
Source: zlib.dll.0.dr	Static PE information: section name: /57
Source: zlib.dll.0.dr	Static PE information: section name: /70
Source: zlib.dll.0.dr	Static PE information: section name: /81
Source: zlib.dll.0.dr	Static PE information: section name: /92
Source: douwan-virtualcam64.dll.0.dr	Static PE information: section name: _RDATA
Source: qgenericbearer.dll.0.dr	Static PE information: section name: .qtmetad

Registers a DLL

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam32.dll"

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files\douwan\DouWan.exe

Code function: 13_2_6AD1844E push rbx; ret

13_2_6AD1844F

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libairplay.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140_codecvt_ids.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libcrypto-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\avcodec-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\SDL2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\mDNSResponder.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\w32-pthreads.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\AdbWinUsbApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\FindProcDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\AdbWinApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\swscale-5.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\adb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\douwan.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	File created: C:\Users\user\AppData\Local\Temp\libusbK.sys	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qpdf.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libyuv.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	File created: C:\Users\user\AppData\Local\Temp\winusbcoinstaller2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\vcam.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\DouWan.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\swresample-3.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	File created: C:\Users\user\AppData\Local\Temp\libusb0.sys	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcrt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\zlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\d3dx9_43.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\douwanaudio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\avutil-56.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140_2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\updater.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\avformat-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\AirPlayInput.dll	Jump to dropped file

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf			Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf			Jump to behavior

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan\DouWan.lnk	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan\Uninstall DouWan.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Program Files\douwan\DouWan.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	System information queried: FirmwareTableInformation			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcp140_codecvt_ids.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\libusbK.sys	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\AdbWinUsbApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qpdf.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\libEGL.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\winusbcoinstaller2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\FindProcDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\libusb0.sys	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\AdbWinApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\adb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcp140_2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\updater.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qgif.dll	Jump to dropped file

Queries disk information (often used to detect virtual machines)

Source: C:\Program Files\douwan\DouWan.exe

File opened: PhysicalDrive0

Jump to behavior

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File Volume queried: C:\Program Files FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File Volume queried: C:\Program Files FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00406739 FindFirstFileW,FindClose,	0_2_00406739
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00405AED GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405AED
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00402902 FindFirstFileW,	0_2_00402902

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: LLVMX86_FP80TypeKind
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: invalid PARAM usage_mesa_symbol_table_push_scope_mesa_symbol_table_add_global_symbol_mesa_symbol_table_add_symbolARB_ARB_position_invariantexpfog_linearexp2nicestprecision_hint_draw_buffersfastestfragment_coord_fragment_program_shadowpixel_center_integerorigin_upper_leftATI_fatal flex scanner internal error--no action foundfatal error - scanner input buffer overflowfatal flex scanner internal error--end of buffer missedout of dynamic memory in yy_get_next_buffer()input in flex scanner failedout of dynamic memory in _mesa_program_lexer__create_buffer()flex scanner push-back overflowout of dynamic memory in _mesa_program_lexer__scan_buffer()out of dynamic memory in _mesa_program_lexer_ensure_buffer_stack()bad buffer in _mesa_program_lexer__scan_bytes()out of dynamic memory in _mesa_program_lexer__scan_bytes()_mesa_program_lexer_set_column called with no buffer_mesa_program_lexer_set_lineno called with no bufferVMware, Inc.SOFTPIPE_USE_LLVMUnexpected PIPE_CAP %d query
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: t2t1dst0t3dst2dst1dst3LLVMVoidTypeKindLLVMDoubleTypeKindLLVMFloatTypeKindLLVMFP128TypeKindLLVMX86_FP80TypeKindLLVMLabelTypeKindLLVMPPC_FP128TypeKindLLVMFunctionTypeKindLLVMIntegerTypeKindLLVMArrayTypeKindLLVMStructTypeKindLLVMVectorTypeKindLLVMPointerTypeKindunknown LLVMTypeKindLLVMMetadataTypeKindVector [%u] of %s
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWare, Inc.
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files\douwan\DouWan.exe

Code function: 13_2_00007FFDF8354A60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

13_2_00007FFDF8354A60

Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD13D30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_6AD13D30
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8354A60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00007FFDF8354A60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8354BAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_00007FFDF8354BAC
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83B30D4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00007FFDF83B30D4
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83B3220 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_00007FFDF83B3220

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"			Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid			Jump to behavior

Language, Device and Operating System Detection

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Program Files\douwan\DouWan.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\platforms\qwindows.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\styles\qwindowsvistastyle.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\bearer\qgenericbearer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\Qt5Network.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\Qt5Network.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\Qt5Network.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qgif.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qicns.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qico.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qjpeg.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qpdf.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qtga.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qwbmp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\iconengines\qsvgicon.dll VolumeInformation	Jump to behavior

Source: C:\Program Files\douwan\DouWan.exe

Code function: 13_2_6AD13C50 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

13_2_6AD13C50

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

0_2_0040348F

Source: C:\Program Files\douwan\DouWan.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies the windows firewall

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"

Uses netsh to modify the Windows network and firewall settings

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
47.104.158.224	usbserver.douwan.video	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
101.200.59.29	api.douwan.video	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false

Private

IP
192.168.2.4
127.0.0.1

Contacted Domains

Name	IP	Active
usbserver.douwan.video	47.104.158.224	true
api.douwan.video	101.200.59.29	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.douwan.video/v1/app/getMessage?uuid=w61f0b7401cce31b61af8ef16887023fb&softversion=4.3.0.3&limituse=1&language=en-us&lang=en	false	Avira URL Cloud: safe	unknown
https://api.douwan.video/v1/app/checkVersion?uuid=w61f0b7401cce31b61af8ef16887023fb&softversion=4.3.0.3&limituse=1&language=en-us&lang=en	false	Avira URL Cloud: safe	unknown

Cryptography

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_c6108e29-5

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

EXE: netsh.exe

Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

EXE: netsh.exe

Jump to behavior

Uses 32bit PE files

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AdbWinApi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AdbWinUsbApi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AirPlayInput.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\DouWan.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Core.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Network.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Svg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\SDL2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\SoftwareLicence.txt	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\adb.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avcodec-58.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avformat-58.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avutil-56.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\concrt140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\d3dx9_43.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\douwan.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\douwanaudio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libEGL.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libGLESv2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libairplay.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libcrypto-1_1-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libssl-1_1-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libyuv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\mDNSResponder.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp120.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_codecvt_ids.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcr120.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\opengl32sw.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\swresample-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\swscale-5.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\ucrtbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\updater.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcam.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\w32-pthreads.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\zlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\default.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\default_p.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\bearer	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\bearer\qgenericbearer.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\dashboard.css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\dashboard.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\details.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\edit.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\group.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgDeviceGroupEditor.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgDevicePreview.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgGroupEditor.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\api.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\app.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGrid.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGridItem.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGroupServ.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceServ.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\ws.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\CORS	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\eleTree.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\css\icon.css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.eot	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.ttf	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.woff	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkFull.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkHalf.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkNone.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOff.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOn.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.jpg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.jpg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheck.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheckNone.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\iconengines	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\iconengines\qsvgicon.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qgif.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qicns.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qico.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qjpeg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qpdf.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qsvg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qtga.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qtiff.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qwbmp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qwebp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\platforms	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\platforms\qwindows.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\api.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\api.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\help.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\styles	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\styles\qwindowsvistastyle.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ar.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_bg.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ca.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_cs.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_da.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_de.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_en.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_es.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_fi.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_fr.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_gd.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_he.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_hu.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_it.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ja.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ko.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_lv.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_pl.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ru.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_sk.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_tr.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_uk.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_zh_TW.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\uninst.exe	Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf			Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf			Jump to behavior

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973926819.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3dx9_43.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1987242741.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954389433.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952159816.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\qtscrcpy\win_updater\bin\x64\Release\Updater.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2009613605.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1966796857.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969876451.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005869200.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\sys\amd64\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Android\libairplay\iRecorder\src\main\cpp\build-64\LibAirPlay\Release\libairplay.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1956289930.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969291087.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdbu source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1981616576.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960125828.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1950528544.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007148156.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1972586201.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr120.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2008620374.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\amd64\libusbK.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2006507143.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961200502.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975555251.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\amd64\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1955770091.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sfxcab.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1959537310.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libcrypto-1_1-x64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958028208.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960704021.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971962294.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\qtscrcpy-new-new\output\win\x64\release\DouWan.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961731915.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Android\libairplay\iRecorder\src\main\cpp\build-64\LibAirPlay\Release\libairplay.pdb} source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973073432.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libswscale\swscale-5.pdb''' source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Z:\airparrot-windows\dependencies\mdnsresponder\mDNSResponder\mDNSWindows\SystemService\x64\Release\mDNSResponder.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2029501912.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970380215.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975064291.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970961082.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\install-filter.pdbp source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\libusb0.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libssl-1_1-x64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005336941.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: `OTHER`TEMP`PACKED<%s return value>internal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958336058.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\libusb0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1974462657.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2028977593.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libswscale\swscale-5.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967927887.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp120.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2004495885.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1963965499.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavutil\avutil-56.pdbggg source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952925751.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1953634392.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968718763.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbRR source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb** source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\i386\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3dx9_43.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1987242741.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavformat\avformat-58.pdb{{{ source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1951145726.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968211264.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\libusb0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971477190.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libcrypto-1_1-x64.pdbj source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\install-filter.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb2 source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975833286.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavutil\avutil-56.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967370015.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1962649521.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954930161.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\hudun\AirPlayInput\x64\Release\AirPlayInput.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1957395280.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\SDK\Qt\5.15.2\Src\qtwebengine\build_x64\plugins\imageformats\qpdf.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2061092199.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Tue Apr 21 14:24:00 2020 UTCplatform: VC-WIN64A-rttOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavformat\avformat-58.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\libusb0.pdbP source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007460777.0000000002760000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00406739 FindFirstFileW,FindClose,	0_2_00406739
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00405AED GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405AED
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00402902 FindFirstFileW,	0_2_00402902

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: POST /v1/app/checkVersion?uuid=w61f0b7401cce31b61af8ef16887023fb&softversion=4.3.0.3&limituse=1&language=en-us&lang=en HTTP/1.1Host: api.douwan.videoContent-Type: application/x-www-form-urlencodedContent-Length: 92Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0
Source: global traffic	HTTP traffic detected: POST /v1/app/getMessage?uuid=w61f0b7401cce31b61af8ef16887023fb&softversion=4.3.0.3&limituse=1&language=en-us&lang=en HTTP/1.1Host: api.douwan.videoContent-Type: application/x-www-form-urlencodedCookie: airServer=995da025b8a84f29c1aa3ab92d8dcd3fContent-Length: 92Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /ppsecure/deviceaddcredential.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 7642Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
Source: global traffic	HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.66.133
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.130.133
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.66.133
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.130.133
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2PgZmmtPrgnHHEs&MD=vwNG4BCV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2PgZmmtPrgnHHEs&MD=vwNG4BCV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp

Source: global traffic	DNS traffic detected: DNS query: api.douwan.video
Source: global traffic	DNS traffic detected: DNS query: usbserver.douwan.video

Source: unknown

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/Timestamping1.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/primobject.crl0N
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0B
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1949855131.000000000276E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/device.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1949855131.000000000276E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/device.htmlinsufficient
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fsf.org/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb-win32.sourceforge.net
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb-win32.sourceforge.netN
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb-win32.sourceforge.netb
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb-win32.sourceforge.netd
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1949855131.000000000276E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libusb.info
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libwdi-cps.akeo.ie
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://libwdi.akeo.ie1.3.6.1.5.5.7.2.1http://libwdi-cps.akeo.ieCryptEncodeObjectCreateSelfSignedCert
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://llvm.org/):
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2099682729.0000000003551000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000000.1749727484.000000000040A000.00000008.00000001.01000000.00000003.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000002.2149538277.000000000040A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0P
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2089440667.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qt-project.org/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2089440667.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qt.io/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2089440667.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qt.io/licensing/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com06
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/encodingStyle(res
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/(res
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.net/cacert/ObjectSign.crt09
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.net/cacert/PrimObject.crt0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sensics.com/osvr
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://subca.ocsp-certum.com01
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certum.pl/CPS0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.color.org)
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dns-sd.org/ServiceTypes.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globalsign.net/repository/0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globalsign.net/repository/03
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globalsign.net/repository09
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/licenses/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.plutinosoft.com
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.plutinosoft.com/blog/projects/platinum
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.plutinosoft.com/blog/projects/platinumDMR-1.50urn:schemas-upnp-org:metadata-1-0/AVT/urn:u
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.plutinosoft.comDevice
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.zlib.net/D
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2039883635.0000000002769000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/axios/1.4.0/axios.min.js
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2039883635.0000000002769000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/layui/2.8.11/css/layui.min.css
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2039883635.0000000002769000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/layui/2.8.11/layui.js
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2072473118.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/layui/2.8.3/css/layui.min.css
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2072473118.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.staticfile.org/layui/2.8.3/layui.js
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.freescale.com/message/493287#493287
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0.
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000002.2149947105.0000000000591000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1752250340.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1925391754.000000000276E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://douwan.video/compatibility
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960046524.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://douwan.video/compatibility.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000002.2149947105.0000000000591000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1752250340.0000000002767000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://douwan.videoPublisher
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2047407200.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/hsiangleev/eleTree.git
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://streams.videolan.org/upload/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.certum.pl/CPS0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.douwan.video
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.douwan.video/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.douwan.video/https://www.douwan.video
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991137382.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1990132241.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2069552452.0000000002765000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027698850.0000000002764000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070158162.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030065014.000000000276D000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2070785688.000000000276C000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2002612781.0000000002768000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp, DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/docs/faq.html
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xindawn.douwan.video/
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xindawn.douwan.video/0000000012345678TEST

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49758 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

0_2_00405582

Installs a raw input device (often for capturing keystrokes)

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_393c1d4b-b

Yara detected Keylogger Generic

Source: Yara match

File source: Process Memory Space: DouWan-Video-Setup-En-4.3.0.3-x64.exe PID: 6552, type: MEMORYSTR

System Summary

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

0_2_0040348F

Creates driver files

Source: C:\Program Files\douwan\DouWan.exe

File created: C:\Users\user\AppData\Local\Temp\libusb0.sys

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00406AFA	0_2_00406AFA
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_665A96B0	13_2_665A96B0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD02285	13_2_6AD02285
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD03B22	13_2_6AD03B22
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD0BC8D	13_2_6AD0BC8D
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD01CA2	13_2_6AD01CA2
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83380A0	13_2_00007FFDF83380A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83130C0	13_2_00007FFDF83130C0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832B8D0	13_2_00007FFDF832B8D0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833F060	13_2_00007FFDF833F060
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832D890	13_2_00007FFDF832D890
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82FA0A0	13_2_00007FFDF82FA0A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8316130	13_2_00007FFDF8316130
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830D140	13_2_00007FFDF830D140
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8323950	13_2_00007FFDF8323950
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF834E0F0	13_2_00007FFDF834E0F0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833E110	13_2_00007FFDF833E110
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF834F9A0	13_2_00007FFDF834F9A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83521B0	13_2_00007FFDF83521B0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83399D0	13_2_00007FFDF83399D0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF834A1D0	13_2_00007FFDF834A1D0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F2960	13_2_00007FFDF82F2960
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8349980	13_2_00007FFDF8349980
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8313190	13_2_00007FFDF8313190
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8309A20	13_2_00007FFDF8309A20
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830A220	13_2_00007FFDF830A220
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F7A10	13_2_00007FFDF82F7A10
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8341230	13_2_00007FFDF8341230
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8334A50	13_2_00007FFDF8334A50
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83389E0	13_2_00007FFDF83389E0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83449E0	13_2_00007FFDF83449E0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F6A50	13_2_00007FFDF82F6A50
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83439F0	13_2_00007FFDF83439F0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8309200	13_2_00007FFDF8309200
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83432A0	13_2_00007FFDF83432A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83482A0	13_2_00007FFDF83482A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8348AB0	13_2_00007FFDF8348AB0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83072C0	13_2_00007FFDF83072C0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832FA90	13_2_00007FFDF832FA90
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8320A90	13_2_00007FFDF8320A90
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8324290	13_2_00007FFDF8324290
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8345350	13_2_00007FFDF8345350
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8344310	13_2_00007FFDF8344310
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8306B70	13_2_00007FFDF8306B70
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830BB80	13_2_00007FFDF830BB80
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8339390	13_2_00007FFDF8339390
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83213F0	13_2_00007FFDF83213F0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83253F0	13_2_00007FFDF83253F0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8306440	13_2_00007FFDF8306440
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830EC60	13_2_00007FFDF830EC60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8305CD0	13_2_00007FFDF8305CD0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831C480	13_2_00007FFDF831C480
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8351490	13_2_00007FFDF8351490
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8344520	13_2_00007FFDF8344520
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831D530	13_2_00007FFDF831D530
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8330540	13_2_00007FFDF8330540
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8321D40	13_2_00007FFDF8321D40
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8325D40	13_2_00007FFDF8325D40
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83354E0	13_2_00007FFDF83354E0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833BCF0	13_2_00007FFDF833BCF0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8336CF0	13_2_00007FFDF8336CF0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831CCF0	13_2_00007FFDF831CCF0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F7D40	13_2_00007FFDF82F7D40
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833DDB0	13_2_00007FFDF833DDB0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831DDB0	13_2_00007FFDF831DDB0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF830FDC0	13_2_00007FFDF830FDC0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8342D60	13_2_00007FFDF8342D60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF834AD60	13_2_00007FFDF834AD60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8309570	13_2_00007FFDF8309570
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF833A620	13_2_00007FFDF833A620
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832F630	13_2_00007FFDF832F630
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8343650	13_2_00007FFDF8343650
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8308DF0	13_2_00007FFDF8308DF0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8315E10	13_2_00007FFDF8315E10
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83226A0	13_2_00007FFDF83226A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F7680	13_2_00007FFDF82F7680
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF831E6C0	13_2_00007FFDF831E6C0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F9660	13_2_00007FFDF82F9660
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF832CE60	13_2_00007FFDF832CE60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82F1EC0	13_2_00007FFDF82F1EC0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF82FB6B0	13_2_00007FFDF82FB6B0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83A58A0	13_2_00007FFDF83A58A0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83908B0	13_2_00007FFDF83908B0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83830D0	13_2_00007FFDF83830D0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF839F880	13_2_00007FFDF839F880
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83A6090	13_2_00007FFDF83A6090
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83AB9C0	13_2_00007FFDF83AB9C0
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8382A60	13_2_00007FFDF8382A60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83992F0	13_2_00007FFDF83992F0

Found potential string decryption / allocating functions

Source: C:\Program Files\douwan\DouWan.exe	Code function: String function: 665B5C00 appears 63 times
Source: C:\Program Files\douwan\DouWan.exe	Code function: String function: 00007FFDF8395B40 appears 91 times

One or more processes crash

Source: C:\Windows\System32\conhost.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 488 -p 6016 -ip 6016

PE file contains executable resources (Code or Archives)

Source: ucrtbase.dll.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: winusbcoinstaller2.dll.13.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Microsoft Standalone Update, 256987 bytes, 4 files, at 0x44 +A "WSUSSCAN.cab" +A "Windows6.0-KB971286-x64.cab", flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1 compression
Source: winusbcoinstaller2.dll.13.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows

PE file contains more sections than normal

Source: zlib.dll.0.dr	Static PE information: Number of sections : 20 > 10
Source: libyuv.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: SDL2.dll.0.dr	Static PE information: Number of sections : 12 > 10

PE file does not import any functions

Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1946757341.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSDL2.dllR vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2061092199.000000000276D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqpdf.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1974462657.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Svg.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemDNSResponder.exe0 vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqico.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970961082.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Core.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967927887.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1950528544.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgenericbearer.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwebp.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975833286.0000000002760000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameucrtbase.dllj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqjpeg.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1966796857.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952159816.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960704021.0000000002764000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975555251.0000000002764000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2008620374.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcr120.dll^ vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035023796.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDouWan-VcamD vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005869200.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2029501912.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971477190.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtga.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgif.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvg.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WM/OriginalFilename vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WM/AlbumArtistalbum_artistWM/AlbumTitlealbumAuthorartistDescriptioncommentWM/ComposercomposerWM/EncodedByencoded_byWM/EncodingSettingsencoderWM/GenregenreWM/LanguagelanguageWM/OriginalFilenamefilenameWM/PartOfSetdiscWM/PublisherpublisherWM/ToolWM/TrackNumbertrackWM/MediaStationCallSignservice_providerWM/MediaStationNameservice_name vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1962649521.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969291087.0000000002766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007148156.0000000002776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_atomic_wait.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2006507143.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_2.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007460777.0000000002760000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_codecvt_ids.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2035809160.000000000276A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDouWan-VcamD vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUpdater.exe> vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1957395280.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975064291.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961200502.000000000276D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005336941.0000000002766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvgicon.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968718763.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958028208.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958336058.0000000002760000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2028977593.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1951145726.0000000002764000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwindows.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967370015.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1953634392.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954389433.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1959537310.0000000002766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1972586201.0000000002762000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2004495885.0000000002763000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp120.dll^ vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968211264.0000000002760000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1956289930.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1981616576.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameconcrt140.dllT vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2009613605.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcrt.dllj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973073432.000000000276A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973926819.0000000002765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSFXCAB.EXEj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWUDF_UPDATE_PACKAGE_NAME.dllj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusb0.dllF vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameinstall-filter.exe\ vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusb0.sysZ vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusbK.sys8 vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibusbK.dll8 vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1955770091.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970380215.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961731915.0000000002767000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960125828.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971962294.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Network.dll( vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1963965499.000000000276E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954930161.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969876451.000000000276B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2030842122.0000000002761000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamezlib1.dll* vs DouWan-Video-Setup-En-4.3.0.3-x64.exe
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952925751.0000000002769000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs DouWan-Video-Setup-En-4.3.0.3-x64.exe

Uses 32bit PE files

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: Qt5Core.dll.0.dr	Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: adb.exe.0.dr	Static PE information: Section: .data ZLIB complexity 0.989382571585903

Source: classification engine

Classification label: sus26.evad.winEXE@24/194@2/5

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

0_2_0040348F

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Code function: 0_2_00404822 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404822

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Code function: 0_2_004021A2 CoCreateInstance,

0_2_004021A2

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File created: C:\Program Files\douwan

Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan

Jump to behavior

Source: C:\Program Files\douwan\DouWan.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4520:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5820:120:WilError_03
Source: C:\Program Files\douwan\DouWan.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\wdi_destroy_list
Source: C:\Program Files\douwan\DouWan.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\wdi_create_list
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6016
Source: C:\Program Files\douwan\DouWan.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\wdi_register_logger

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File created: C:\Users\user\AppData\Local\Temp\nsfFCB5.tmp

Jump to behavior

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File read: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe "C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam32.dll"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud32.dll"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam64.dll"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud64.dll"
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Program Files\douwan\DouWan.exe "C:\Program Files\douwan\DouWan.exe"
Source: C:\Program Files\douwan\DouWan.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 488 -p 6016 -ip 6016
Source: C:\Program Files\douwan\DouWan.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6016 -s 3156
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam32.dll"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud32.dll"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam64.dll"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud64.dll"	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Program Files\douwan\DouWan.exe "C:\Program Files\douwan\DouWan.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam64.dll"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /i /s "C:\Program Files\douwan\VCam\douwan-virtualaud64.dll"	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avformat-58.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avcodec-58.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avutil-56.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: swresample-3.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: libairplay.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcam.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: sdl2.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: libyuv.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3dx9_43.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: douwanaudio.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avutil-56.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: douwan.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: w32-pthreads.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: swscale-5.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: zlib.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: quserex.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: libcrypto-1_1-x64.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wscapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: airplayinput.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.devices.radios.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.devices.bluetooth.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.networking.hostname.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.networking.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: biwinrt.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.networking.connectivity.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mdnsresponder.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: icu.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: mswb7.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5pdf.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: DouWan.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\douwan\DouWan.exe
Source: DouWan.lnk0.0.dr	LNK file: ..\..\..\Program Files\douwan\DouWan.exe
Source: Uninstall DouWan.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\douwan\uninst.exe

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

File written: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\ioSpecial.ini

Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Automated click: I accept the terms of the License Agreement
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AdbWinApi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AdbWinUsbApi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\AirPlayInput.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\DouWan.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Core.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Network.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Svg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\Qt5Widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\SDL2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\SoftwareLicence.txt	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\adb.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avcodec-58.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avformat-58.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\avutil-56.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\concrt140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\d3dx9_43.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\douwan.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\douwanaudio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libEGL.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libGLESv2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libairplay.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libcrypto-1_1-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libssl-1_1-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\libyuv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\mDNSResponder.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp120.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_2.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcp140_codecvt_ids.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcr120.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\msvcrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\opengl32sw.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\swresample-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\swscale-5.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\ucrtbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\updater.exe	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcam.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\w32-pthreads.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\zlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\default.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\default_p.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\bearer	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\bearer\qgenericbearer.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\dashboard.css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\dashboard.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\details.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\edit.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\icon\group.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgDeviceGroupEditor.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgDevicePreview.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\DlgGroupEditor.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\api.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\app.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGrid.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGridItem.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceGroupServ.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\deviceServ.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\js\ws.min.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\CORS	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\eleTree.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\css\icon.css	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.eot	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.svg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.ttf	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.woff	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkFull.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkHalf.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkNone.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOff.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOn.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.jpg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.jpg	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheck.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheckNone.png	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\iconengines	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\iconengines\qsvgicon.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qgif.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qicns.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qico.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qjpeg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qpdf.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qsvg.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qtga.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qtiff.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qwbmp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\imageformats\qwebp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\platforms	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\platforms\qwindows.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\api.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\api.js	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\restful\help.html	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\styles	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\styles\qwindowsvistastyle.dll	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ar.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_bg.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ca.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_cs.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_da.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_de.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_en.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_es.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_fi.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_fr.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_gd.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_he.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_hu.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_it.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ja.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ko.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_lv.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_pl.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_ru.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_sk.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_tr.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_uk.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\translations\qt_zh_TW.qm	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Directory created: C:\Program Files\douwan\uninst.exe	Jump to behavior

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: certificate valid

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static file information: File size 46547184 > 1048576

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973926819.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2063026937.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3dx9_43.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1987242741.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954389433.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952159816.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\qtscrcpy\win_updater\bin\x64\Release\Updater.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2027026799.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2009613605.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1937267938.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1966796857.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969876451.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005869200.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\sys\amd64\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Android\libairplay\iRecorder\src\main\cpp\build-64\LibAirPlay\Release\libairplay.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1956289930.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1969291087.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdbu source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2067024729.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2059564165.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1981616576.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960125828.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1950528544.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007148156.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1972586201.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr120.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2008620374.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\amd64\libusbK.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2006507143.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961200502.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975555251.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\amd64\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1955770091.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sfxcab.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058236702.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1959537310.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2064503548.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libcrypto-1_1-x64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958028208.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1960704021.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2058945176.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971962294.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\qtscrcpy-new-new\output\win\x64\release\DouWan.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1961731915.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Android\libairplay\iRecorder\src\main\cpp\build-64\LibAirPlay\Release\libairplay.pdb} source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1997876465.0000000002762000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1973073432.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libswscale\swscale-5.pdb''' source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86_64\gallium\targets\libgl-gdi\opengl32.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Z:\airparrot-windows\dependencies\mdnsresponder\mDNSResponder\mDNSWindows\SystemService\x64\Release\mDNSResponder.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2003555293.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2068735910.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2029501912.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1991642582.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970380215.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975064291.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1970961082.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\install-filter.pdbp source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\libusb0.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2057603547.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libssl-1_1-x64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2001723181.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2005336941.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: `OTHER`TEMP`PACKED<%s return value>internal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1958336058.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\amd64\libusb0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1974462657.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2028977593.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libswscale\swscale-5.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2025081385.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967927887.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp120.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2004495885.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1963965499.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavutil\avutil-56.pdbggg source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1952925751.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1953634392.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\bearer\qgenericbearer.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2036460974.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1930517129.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968718763.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdbRR source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb** source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1938693832.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2026176484.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\svnmain\googlecode\usb-travis\trunk\libusbk\bin\dll\i386\libusbK.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d3dx9_43.pdbH source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1987242741.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2065331964.000000000276A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavformat\avformat-58.pdb{{{ source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1951145726.0000000002764000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1968211264.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\libusb0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1971477190.0000000002765000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\Temp\openssl-1.1.1g\libcrypto-1_1-x64.pdbj source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\install-filter.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libGLESv2.pdb2 source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1994133238.0000000002767000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1975833286.0000000002760000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1985016363.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavutil\avutil-56.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980844814.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1967370015.000000000539F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1962649521.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1954930161.0000000002769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\hudun\AirPlayInput\x64\Release\AirPlayInput.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1898729932.000000000276E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1957395280.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\SDK\Qt\5.15.2\Src\qtwebengine\build_x64\plugins\imageformats\qpdf.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2061092199.000000000276D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Tue Apr 21 14:24:00 2020 UTCplatform: VC-WIN64A-rttOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2000530367.0000000002768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1945133125.0000000002763000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Dev\XindawnGit\ffmpeg\build_sdk-win-x64-clvs2017\libavformat\avformat-58.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1980040599.000000000276B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: z:\projects\libusb-win32-stage\ddk_make\output\i386\libusb0.pdbP source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qjpeg.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2060362109.00000000027C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2066028695.0000000002766000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2007460777.0000000002760000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: msvcrt.dll.0.dr

Static PE information: 0xF5BDEFD7 [Wed Aug 25 08:27:03 2100 UTC]

PE file contains an invalid checksum

Source: qpdf.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x9d25
Source: FindProcDLL.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xf1e2
Source: System.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x82fd
Source: nsExec.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xc5ea
Source: uninst.exe.0.dr	Static PE information: real checksum: 0x2c6f39c should be: 0x6a125
Source: douwan-virtualaud32.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x5f3e6
Source: avformat-58.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xacaca
Source: douwan-virtualaud64.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x72f39
Source: InstallOptions.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xf13f

PE file contains sections with non-standard names

Source: Qt5Core.dll.0.dr	Static PE information: section name: .qtmimed
Source: SDL2.dll.0.dr	Static PE information: section name: .xdata
Source: adb.exe.0.dr	Static PE information: section name: .buildid
Source: adb.exe.0.dr	Static PE information: section name: .gcc_exc
Source: qsvgicon.dll.0.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.0.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr	Static PE information: section name: .qtmetad
Source: qico.dll.0.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qpdf.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr	Static PE information: section name: .qtmetad
Source: douwan.dll.0.dr	Static PE information: section name: _RDATA
Source: libyuv.dll.0.dr	Static PE information: section name: .00cfg
Source: libyuv.dll.0.dr	Static PE information: section name: .gehcont
Source: libyuv.dll.0.dr	Static PE information: section name: .gxfg
Source: libyuv.dll.0.dr	Static PE information: section name: .voltbl
Source: libyuv.dll.0.dr	Static PE information: section name: _RDATA
Source: opengl32sw.dll.0.dr	Static PE information: section name: _RDATA
Source: vcam.dll.0.dr	Static PE information: section name: _RDATA
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: zlib.dll.0.dr	Static PE information: section name: .xdata
Source: zlib.dll.0.dr	Static PE information: section name: /4
Source: zlib.dll.0.dr	Static PE information: section name: /19
Source: zlib.dll.0.dr	Static PE information: section name: /31
Source: zlib.dll.0.dr	Static PE information: section name: /45
Source: zlib.dll.0.dr	Static PE information: section name: /57
Source: zlib.dll.0.dr	Static PE information: section name: /70
Source: zlib.dll.0.dr	Static PE information: section name: /81
Source: zlib.dll.0.dr	Static PE information: section name: /92
Source: douwan-virtualcam64.dll.0.dr	Static PE information: section name: _RDATA
Source: qgenericbearer.dll.0.dr	Static PE information: section name: .qtmetad

Registers a DLL

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /i /s "C:\Program Files\douwan\VCam\douwan-virtualcam32.dll"

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files\douwan\DouWan.exe

Code function: 13_2_6AD1844E push rbx; ret

13_2_6AD1844F

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libairplay.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140_codecvt_ids.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libcrypto-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\avcodec-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\SDL2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\mDNSResponder.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\w32-pthreads.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\AdbWinUsbApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\FindProcDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\AdbWinApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\swscale-5.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\adb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\douwan.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	File created: C:\Users\user\AppData\Local\Temp\libusbK.sys	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qpdf.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libyuv.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	File created: C:\Users\user\AppData\Local\Temp\winusbcoinstaller2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\vcam.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\DouWan.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\swresample-3.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	File created: C:\Users\user\AppData\Local\Temp\libusb0.sys	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcrt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\zlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\d3dx9_43.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\douwanaudio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\avutil-56.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\msvcp140_2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\updater.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\avformat-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\AirPlayInput.dll	Jump to dropped file

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf			Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Program Files\douwan\EndUserLicenseAgreement.rtf			Jump to behavior

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan\DouWan.lnk	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan\Uninstall DouWan.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Program Files\douwan\DouWan.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	System information queried: FirmwareTableInformation			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcp140_codecvt_ids.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\bearer\qgenericbearer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\libusbK.sys	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\AdbWinUsbApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qpdf.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\libEGL.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\winusbcoinstaller2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\FindProcDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\douwan\DouWan.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\libusb0.sys	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\AdbWinApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\libssl-1_1-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\adb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\msvcp140_2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\updater.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Dropped PE file which has not been started: C:\Program Files\douwan\imageformats\qgif.dll	Jump to dropped file

Queries disk information (often used to detect virtual machines)

Source: C:\Program Files\douwan\DouWan.exe

File opened: PhysicalDrive0

Jump to behavior

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File Volume queried: C:\Program Files FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	File Volume queried: C:\Program Files FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00406739 FindFirstFileW,FindClose,	0_2_00406739
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00405AED GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405AED
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Code function: 0_2_00402902 FindFirstFileW,	0_2_00402902

Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: LLVMX86_FP80TypeKind
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: invalid PARAM usage_mesa_symbol_table_push_scope_mesa_symbol_table_add_global_symbol_mesa_symbol_table_add_symbolARB_ARB_position_invariantexpfog_linearexp2nicestprecision_hint_draw_buffersfastestfragment_coord_fragment_program_shadowpixel_center_integerorigin_upper_leftATI_fatal flex scanner internal error--no action foundfatal error - scanner input buffer overflowfatal flex scanner internal error--end of buffer missedout of dynamic memory in yy_get_next_buffer()input in flex scanner failedout of dynamic memory in _mesa_program_lexer__create_buffer()flex scanner push-back overflowout of dynamic memory in _mesa_program_lexer__scan_buffer()out of dynamic memory in _mesa_program_lexer_ensure_buffer_stack()bad buffer in _mesa_program_lexer__scan_bytes()out of dynamic memory in _mesa_program_lexer__scan_bytes()_mesa_program_lexer_set_column called with no buffer_mesa_program_lexer_set_lineno called with no bufferVMware, Inc.SOFTPIPE_USE_LLVMUnexpected PIPE_CAP %d query
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.2022852168.0000000002837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: t2t1dst0t3dst2dst1dst3LLVMVoidTypeKindLLVMDoubleTypeKindLLVMFloatTypeKindLLVMFP128TypeKindLLVMX86_FP80TypeKindLLVMLabelTypeKindLLVMPPC_FP128TypeKindLLVMFunctionTypeKindLLVMIntegerTypeKindLLVMArrayTypeKindLLVMStructTypeKindLLVMVectorTypeKindLLVMPointerTypeKindunknown LLVMTypeKindLLVMMetadataTypeKindVector [%u] of %s
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1924613470.000000000276C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWare, Inc.
Source: DouWan-Video-Setup-En-4.3.0.3-x64.exe, 00000000.00000003.1935438601.000000000539F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files\douwan\DouWan.exe

13_2_00007FFDF8354A60

Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_6AD13D30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_6AD13D30
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8354A60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00007FFDF8354A60
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF8354BAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_00007FFDF8354BAC
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83B30D4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00007FFDF83B30D4
Source: C:\Program Files\douwan\DouWan.exe	Code function: 13_2_00007FFDF83B3220 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_00007FFDF83B3220

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"			Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid			Jump to behavior

Language, Device and Operating System Detection

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Program Files\douwan\DouWan.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\platforms\qwindows.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\styles\qwindowsvistastyle.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\bearer\qgenericbearer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\Qt5Network.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\Qt5Network.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\Qt5Network.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qgif.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qicns.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qico.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qjpeg.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qpdf.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qtga.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\imageformats\qwbmp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\douwan\DouWan.exe	Queries volume information: C:\Program Files\douwan\iconengines\qsvgicon.dll VolumeInformation	Jump to behavior

Source: C:\Program Files\douwan\DouWan.exe

Code function: 13_2_6AD13C50 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

13_2_6AD13C50

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

0_2_0040348F

Source: C:\Program Files\douwan\DouWan.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies the windows firewall

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"

Uses netsh to modify the Windows network and firewall settings

Source: C:\Users\user\Desktop\DouWan-Video-Setup-En-4.3.0.3-x64.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DouWan" dir=in action=allow program="C:\Program Files\douwan\DouWan.exe"

ID:	1467120
Product:	CloudBasic
Start time:	17:59:33
Start date:	03.07.2024
Sample:	DouWan-Video-Setup-En-4.3.0.3-x64.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	54f1dfbda1d18a3cdb6055546d45dc84
SHA1:	3ff5de326326a96db424dd27df20d1d855a61570
SHA256:	d6916e1f1e375b82dcdde615a6fdadeadda98788ce084812ccd6ba133b8a447c
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Program Files\douwan\AdbWinApi.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	ED5A809DC0024D83CBAB4FB9933D598D	0BC5A82327F8641D9287101E4CC7041AF20BAD57	D60103A5E99BC9888F786EE916F5D6E45493C3247972CB053833803DE7E95CF9
C:\Program Files\douwan\AdbWinUsbApi.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0E24119DAF1909E398FA1850B6112077	293EEDADB3172E756A421790D551E407457E0A8C	25207C506D29C4E8DCEB61B4BD50E8669BA26012988A43FBF26A890B1E60FC97
C:\Program Files\douwan\AirPlayInput.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	149211C249C058C7E5169B5AF005EC27	CA8D3656837CB611F2BD9385142BA4792C44C55C	FFEFB6962A0F1FEA4B69D6F70856E47E0D7266716154BE35D8C512F5206F42D0
C:\Program Files\douwan\DouWan.exe	PE32+ executable (GUI) x86-64, for MS Windows	E9A3B9746938F5A64159092AB84A9A9E	008A2BD684BC44AB4EE285E754BABBB69E8920AA	7EB32BE702274510889601D2078BE62F786D3FFD80BD71F75EDC584D0772168C
C:\Program Files\douwan\EndUserLicenseAgreement.rtf	Rich Text Format data, version 1, ANSI, code page 936, default middle east language ID 1025	ADF1CE3B1BA19C00EB98C4C227920DB6	82BDDD283C03BAC6008F6D67B158D9D309DAD3C0	8D1CDA37DF7FDFF78F409C7327E409CF79BD032F18120EE2DA495223D1EDA97E
C:\Program Files\douwan\Qt5Core.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	817520432A42EFA345B2D97F5C24510E	FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5	8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
C:\Program Files\douwan\Qt5Gui.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	47307A1E2E9987AB422F09771D590FF1	0DFC3A947E56C749A75F921F4A850A3DCBF04248	5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
C:\Program Files\douwan\Qt5Network.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	3569693D5BAE82854DE1D88F86C33184	1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771	4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
C:\Program Files\douwan\Qt5Svg.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	03761F923E52A7269A6E3A7452F6BE93	2CE53C424336BCC8047E10FA79CE9BCE14059C50	7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
C:\Program Files\douwan\Qt5Widgets.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	4CD1F8FDCD617932DB131C3688845EA8	B090ED884B07D2D98747141AEFD25590B8B254F9	3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
C:\Program Files\douwan\SDL2.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	C77C66F7C9BFD217A6E98F373EBA9DCA	6F2620B6696EAF1D1612764120240525533735F9	C0EA0AE92A8BECE1D0013004D443DB8076565E843CCBF434107DCAE11AD88FA6
C:\Program Files\douwan\SoftwareLicence.txt	ISO-8859 text, with very long lines (489), with CRLF line terminators	F72D6D2612CA3E8B67D51E476375DCDC	D4C444EE5DDF654151ABEA2F3B794C83B7FC0746	7C6163C086B84D88007E4C753052174EAFA607BBF45495BBBE91F0A2578724D3
C:\Program Files\douwan\VCam\default.png	PNG image data, 1920 x 1080, 8-bit/color RGB, non-interlaced	A4B283F470C19FF38434A413D4DAAFF7	47E5E8FE704D27681C882D735E35F35A279066F9	1645921EBBD0E19E1D68A881988400C0D6A0D79EFBA6C2BE92F16F21AC6E484E
C:\Program Files\douwan\VCam\default_p.png	PNG image data, 1080 x 1920, 8-bit/color RGB, non-interlaced	8D694DC935C445FBE72AADE248D8FE9E	A00B070017632177F1D04370580B6998D57FF484	A5EE2B2C570DD5C4B86130BD787855FCF7B97BC2D0AD42CBB656F57300444F2E
C:\Program Files\douwan\VCam\douwan-virtualaud32.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	2465B102E66FFC0F3F60C2A91677B6C3	20C95ED7221AF160ADEE6290CA0E1397932E6754	F56A07CC259656B15E1EF0E52C4BB8D204239B73232E959E6BB488EB36F538F6
C:\Program Files\douwan\VCam\douwan-virtualaud64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	00422B0D543E059D3205AAF098BE929B	BD50AD243DB64EEA16498945C2C90A935A103619	37F8B8AF15E802A3F3A282878AC968D54168604276704A5A93335BC05F20732A
C:\Program Files\douwan\VCam\douwan-virtualcam32.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	7001AC4CEA57EE0EC7E94033E314BE43	DBA06DD023FCF4AD322DCD278F8CAC470C73546F	4123F2E442B58EE1A1EBCB4F2B28233F9C34A21F5D76A4764DF0551B9D007195
C:\Program Files\douwan\VCam\douwan-virtualcam64.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	B15156490BBF33C4C63338A09E92D1FB	2C73D2A34288CE92F8E17A4F34CB9F2CC59D08BA	878EB097795F24E9B5F91DAAF692A2E03CB2EC1F3F4B27650127F3CAE854CA12
C:\Program Files\douwan\adb.exe	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows	C752064585CE1C47CF113FC776E0D678	91F594BFD06BA34BDC4A0ACD2B0D570DA0FEB7BC	F1F654DF0A74B171DA34750B4FF34F15A49B75D45AED54123B72998AEF619968
C:\Program Files\douwan\api-ms-win-core-console-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	CDE2424D99DB56DD0D1EAF34811738C1	CC7889C43729B93A4E193B2FD6AE5F22B6AD6B8F	4CEAF28CADFD0929B44E9C686B93432A7151504C8FFE2A6AFE516F9B16538131
C:\Program Files\douwan\api-ms-win-core-datetime-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	ACF4321AC8C8FF4D0442C799D621F8D9	B12F87E6AFC48697F1CE8B587715361E89B79CAE	69B84F7318798A91143E3D273AE9C0BEDAABBA930E3702447D493E2B8DD70725
C:\Program Files\douwan\api-ms-win-core-debug-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	3C47C25B8141D20B2B4D576000000A61	04543F9CDD847FF66389C9FD1E12B444DAE6383A	290030199E8B47D6BCF466F9FC81FEE7E6AEBC2C16A3F26DD77019F795658956
C:\Program Files\douwan\api-ms-win-core-errorhandling-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	E05CE0232E64328C62C9DA37698566BF	50C25E6ECEC2CD17ECF3117BB9A646BA107D2B84	573AED3F3EB436F9B7C24D51BE3BE2105DEB8149EBDA9B964660930C957B2410
C:\Program Files\douwan\api-ms-win-core-file-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A26C7FFCF18B62904DAB7786DE638EA6	B28489BC38EE2F522EE83DCF49FAEB96F39A77E3	74075B7AF84378CEE0D035C020B320EE52A120B21F71A4972093C9E23D534830
C:\Program Files\douwan\api-ms-win-core-file-l1-2-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	6A55A7E284B51B086B63CC6F2061CE8B	46A48A1CCF5262038B71ED4BE09CF625009D078D	D9973270A952B4CE615104520051E847B26E4B1CC330A5A95BA1AE128F0DFDEB
C:\Program Files\douwan\api-ms-win-core-file-l2-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	6E38A6BED88E1C27155E4DC428188EF0	8B47A1960ED157F7BEEB80FA4A16A723279C4EFA	144D3A28E43E47FC1CCE956255CC80467D4A6FBBB8F612EC6D85F62DE030A924
C:\Program Files\douwan\api-ms-win-core-handle-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	9304209688E2A18D0B26997BC78FDA7A	5D4332CF1C5123418C6419D0291486C3939E8785	D6BC1509FD2D4EA07E661F2F59395B4D71907D16F59942443A5D460DF343DBF4
C:\Program Files\douwan\api-ms-win-core-heap-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F42A84D78A5A15FF1A4DBAC591E95783	1CD5B5E68FD729BDD340463B53728634D342B0CD	F60267CAB87DFC1ACCF912C212186112ABA38742F621549D6BC8D67E217E7234
C:\Program Files\douwan\api-ms-win-core-interlocked-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	9F286E57E5B1C1A347ADF9EEF059AD5D	631AA1AA364234ACC5AD20B27F926E9CB9EE4276	F93DDEF4AC14EF778790F3F00057AB6CAFC0C99DFF52CC24F523D63917719970
C:\Program Files\douwan\api-ms-win-core-libraryloader-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	BEAAE8294DB31AFA04FA60795C6E02AE	8A32EBD843E461864747FE0AEBF4BBF83C4EC093	F8E8D85035BCB478CE2AB47A6476A8C756A7C8FA05BAD66B9A03ECE6A2CED141
C:\Program Files\douwan\api-ms-win-core-localization-l1-2-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	2AC1289E4DBAB076B332869BEF26D3CE	60570DDD06B671E26C6A814B9C08CDFA0EF38ABA	6475F20F46814D28845C2FA73E9C283A8504483FA16D911325588C778CF76C26
C:\Program Files\douwan\api-ms-win-core-memory-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A2661A468BB87EE9CC5DEE968FD3805C	9B17FBD552E34888F1453F9113FF4C42EFAF6D6A	DC41DA54E717AEF60228EE11D10669C31D3DDD532EEE9ECAD944C09B71B762DD
C:\Program Files\douwan\api-ms-win-core-namedpipe-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	ACBFC011D5842BA60C372BA3D222AB70	16B8014060A04BB03215F6CE4C118BAE48653BD5	B0AE48EB5FF51FA038E1ED23C7C48D266C20C2AF3F9907EE6906BB0346DF7F9E
C:\Program Files\douwan\api-ms-win-core-processenvironment-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	19D14D348AC38737431A7EE2F82973E6	11CD8F5DC5C08D133B9B006DA5C84946F012CBB6	1CD9CFF9F7D24B22993A207CB81F15CE2792FA5F941E77E8280DB00DB6A273AE
C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	EA0E13FEAC13DC18C79EB682BEF4676E	B9DB47624345C68CF07BD2677DF537E0F975CAF9	2658242CCD090181ED944F682C435E5FB880F3B21D1811D43B93478901D701B0
C:\Program Files\douwan\api-ms-win-core-processthreads-l1-1-1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	1AF2A91DC0A4E48BAB0CA123073ADF30	CF6625FD31B17D46DD31B16372840C74026D0BA2	AE574C9B8A2467C3EE0AC3E862255E93A02627BCE146AD7B720B99905DC224FC
C:\Program Files\douwan\api-ms-win-core-profile-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	9B9D1949B75DF171884F6F8CABA7FF59	411ADF413F53C56488D5CF68E9B4B692889F3C4B	CFFB2007C31932B092CDA3A0A39F1CFCC5766B6A1C05E5EAEABC53660CBBE786
C:\Program Files\douwan\api-ms-win-core-rtlsupport-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	C6E268C877A9BE5B43877308B1231120	949105C826DEE6A32FE1288285E3E41CB7D04821	EAE3CD8747DA3B435846901A1DBE0E430666D3D8D7BA6E54307CFF5D6EE0592F
C:\Program Files\douwan\api-ms-win-core-string-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	5122B8AA14A25C8567D9D0335036446F	81961F2C8A331136F8156930779964A71E0BADC4	7B5393E2CB79F0396D5D97510E8F0955A2586AACAF60EB8DE3676006CB81DC5C
C:\Program Files\douwan\api-ms-win-core-synch-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	E1B30D56617709CF7DFF5F464D7566D9	E29646B1C90550CB86ED42782C764D41F2C70651	5D1A854A0C5121E2E8866DAD26545F7F8C2D2F1B15ED7F1ED0B72654A1FC299B
C:\Program Files\douwan\api-ms-win-core-synch-l1-2-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	E4B64B2710725EC3332021BD8044D884	2D7F8D87D0F395296ECDF277084D23CB9E0880E8	9566B81B1C6DB1727A4BB3A7A3DE12247FF5297F34548593280EC31F2B2E2C65
C:\Program Files\douwan\api-ms-win-core-sysinfo-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	67FD470A60FE8FB3F9FBE32FA52871D0	09ABA019A0D0DAE7415B6D9A39E1DC67D93F130B	1F98F9E044D32E61445C5FAB3C80C2F37CA6BAB3D5B22CD5611FB5DF73DB04A8
C:\Program Files\douwan\api-ms-win-core-timezone-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F53ED8A0C18157B9E37500621DFAB9EE	B8A3131150CFD46052353309843C802D9F43DF03	5909E928D791F67A13E3130033CB0E2178F5167A644C3AB5336322D38356DB47
C:\Program Files\douwan\api-ms-win-core-util-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	2B9F551CDDD662C618432A75C546B296	1DDD65FCC8BB401C734EBC2014D057328F771744	070AFBDBE5B3F3B76B6B7EA2DBB9F8DEFF81C6EC8706EEF9080671543E2AE28B
C:\Program Files\douwan\api-ms-win-crt-conio-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	7D943F85FF8D1515A02D202AE79453D3	94DEF1F7368172AC50B665E74B89E8F7AAE2857B	1D4464FE335470452E58D613028DDE2F105EDF969D411E90BA7CA9E343C3FC89
C:\Program Files\douwan\api-ms-win-crt-convert-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	278857B86F667C47CBCCE94F5EC73CA8	A0F5B7E7C67F3C6B8F285D39D08B740E49445755	91C5966932287078D0E616D8E0369347991F39765749BBFFA1ED3A9DF49776D9
C:\Program Files\douwan\api-ms-win-crt-environment-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	6493B21FEFAE874655C62A56A156F3EB	C65BEB46F9F03D35867FF008026D3A56FA26FB65	8D9D3E905D072C4465E4787DD5BD843D3A5DD5AC5AD9D7F232032B25FACC82AB
C:\Program Files\douwan\api-ms-win-crt-filesystem-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	AE83311041EE793253FF10736317A09E	C62D06CB6CBD9D997C42A6AD7F13C06F38725069	8F9361D02F68392127FE264655EAC4FEF4A4A1BF63571F184CE26FAA98670702
C:\Program Files\douwan\api-ms-win-crt-heap-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	12311308D7D65895B3920B3DD3E54B3B	3FAA74C6913F451D9C575761630B507AF0C15EE3	76DAD3E04C9FF61B40AE1C9E039837CD1C077D59B6A008643E4FBF2DBDB564DC
C:\Program Files\douwan\api-ms-win-crt-locale-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	3DAFCF25A2AC1BECF40ACBEC8FC7134B	0729FDC617403622C2EDD77FDB7DD49B530E2037	BA1458F730FF90009483C763926D1C74383480E529541C0EF5D4DE44E7A4F14C
C:\Program Files\douwan\api-ms-win-crt-math-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F32BD567D35D2E85504C39DEDE609E72	B7A7145956466E45BBE6F7FE41E935A152C2C325	5F2BB085217304006C81C55214C6093EC476E554E31808026E424DA82F58AA0E
C:\Program Files\douwan\api-ms-win-crt-multibyte-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	56C02FABC2C64174009C905570C3A22D	E52154112AD127AB01937453490091DEF4D21AD2	0AA2CF2CC029C95FC053374071D7873EDDDC410FF8858720EE5C29BFEE62DDDC
C:\Program Files\douwan\api-ms-win-crt-private-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	4B27CF5CDB20AEBF113DF752019FFCA3	B02C6E45F704DAC118F81C324122C189E3E61E17	C1E206AA4C8014DCFDAD15C16F50FBF4E3CE8E76E9406AF923131EBC001DD5AC
C:\Program Files\douwan\api-ms-win-crt-process-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	FA677CFB18BA1370D8BB98681C48CFBD	CBCCD561BF53C59254FB04AB136996B81CC80D3A	36589E9738A9358065D5A72F4276505D6C2F78101508BEDE05BDCCEEA46A8CD8
C:\Program Files\douwan\api-ms-win-crt-runtime-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	595A997BD415C8AE0EF1E3C3B73E6091	10F34BC2F474A43BFAAC26F66EC8081106C12253	11ACA97ACDA31203AEEE496C9F183B49DB1C54D0EFA48888A15AB4EA47EE080F
C:\Program Files\douwan\api-ms-win-crt-stdio-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	415D765AA267382A79E56E428C80B1E1	1BF13460B8AAAC1538BF45186A1624825BB8C355	CF7BBE93AE75A1C46A38204A6ACEF71BF2F5E3CD34501825601900E07D3D7B15
C:\Program Files\douwan\api-ms-win-crt-string-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	5BD5A9001CB0555C5B2B14E0CBC8D922	4562D23FBA312FE95CBC777FD7C2E37CA1E76AD9	B516D1772B75714F039440CF5D070B87A187D2F67B7F891C94CF1C60330FBFA7
C:\Program Files\douwan\api-ms-win-crt-time-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F719AD4C04043F55A21E73805997B287	0E88B1271B242F7933E78EDCB05131612CEA061E	A4B0F75854949980D410C5DA90C36DDB94BE292431C89FD3E992F9D5F8EE9983
C:\Program Files\douwan\api-ms-win-crt-utility-l1-1-0.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	A405399D5B958A03E6054307A631553A	DBA43F0AFD8C6E1F61CF0BE7503C6F70B48B8240	D675EE0C418C4CD7FF0C19C2D945331C8E6072A51ABBCA548E7D9D2F1BF288DD
C:\Program Files\douwan\avcodec-58.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	BA33896F7BB11B42F4A6E38A70932A98	597D5465F34E70B4FA635EA9555D7ACE6A2E7C1D	C9C1592372D39A010EF1BDE1C970C84FE2989EA36EB2489A7551F4A2FC3730D3
C:\Program Files\douwan\avformat-58.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	9ED6B5DC835087ED146F532F543B6B77	5FBAE3F7101C24EF2A48C97D9998C9A4C33D90E0	2699953D2308E4E83AA641F034AD2301D80C2EB3CD696B267395C78875C1BCDE
C:\Program Files\douwan\avutil-56.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	EBE64CD6BF7F56655D7812EB73D0CD91	6448689C4D29821A83AC281F5841CF804765133F	FD1E8C7F3284C9334E64B86179FC0492364EBFDD4CCE68E936EB8A77AE4B7761
C:\Program Files\douwan\bearer\qgenericbearer.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	14D67B1249A52090A8D3EDCA9FDCC262	25854E05F742EC256D438537E32E3C4D4EDEB020	0534CEF5F54EB6D10B2E90BD6089DC413C555771E12220BE9A5CC48ADDDC803D
C:\Program Files\douwan\concrt140.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	C4FE3F03EFD3188252CAA101F954FFEB	98B613AEE45C71AED9D2BE0D61D7ACE323929E9C	95BB425BE3D515A6A58F7399D44DD9E032BAEA11667DFDBA29517C460171880A
C:\Program Files\douwan\d3dcompiler_47.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	CB9807F6CF55AD799E920B7E0F97DF99	BB76012DED5ACD103ADAD49436612D073D159B29	5653BC7B0E2701561464EF36602FF6171C96BFFE96E4C3597359CD7ADDCBA88A
C:\Program Files\douwan\d3dx9_43.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	7160FC226391C0B50C85571FA1A546E5	2BF450850A522A09E8D1CE0F1E443D86D934F4AD	84B900DBD7FA978D6E0CAEE26FC54F2F61D92C9C75D10B35F00E3E82CD1D67B4
C:\Program Files\douwan\dashboard\dashboard.css	ASCII text, with CRLF line terminators	20E1C84A50A3488683284CD95DCA2B80	0F302CEFB5924B960B25BF10D70D388429DF49A8	195C908E5C1A5768E9503E226784DBBE900C321C6469C7916CE86FDC5A0E4B45
C:\Program Files\douwan\dashboard\dashboard.html	HTML document, Unicode text, UTF-8 text, with CRLF line terminators	F41DE93C99139CC40C3FEFCFF270A5DF	1EFEEB43EB2039E5002F2EA04F4B141304A8EAB9	DE20648118E0FB31B944685FEBC68A5C8B7CBB8D25030172F6C81DD886C7AFB9
C:\Program Files\douwan\dashboard\icon\details.svg	SVG Scalable Vector Graphics image	0EA9E817FE607AD65BF58EBEC8CE27C5	9D820577FF8FDD7D4783C70F00564A8256F7D4AE	CB99B5F1776FAFAE3367617DFB829BEA92FF189B308AA32E27CDE873E4716C26
C:\Program Files\douwan\dashboard\icon\edit.svg	SVG Scalable Vector Graphics image	182089AA7C312430F3511B96D493227B	4098CFA18795C88BC8C99B7C426788610D4A601B	4C52204707144681A71E569F7C2F7E210636AD46AF1C82318674FA499889C0E0
C:\Program Files\douwan\dashboard\icon\group.svg	SVG Scalable Vector Graphics image	AD17E910F53B6AB941C01C3D0E357BCF	8577D20DC7EA7B5EDB3FA1137B14ACC9DA779B85	B83BF7D072373B85A4BF2B07D70DAC9007F0A098BA1995CA85D07F0920FECC3B
C:\Program Files\douwan\dashboard\js\DlgDeviceGroupEditor.min.js	C++ source, Unicode text, UTF-8 text, with very long lines (643), with no line terminators	C2E1FF0F8A2710A16419607A7406923D	C5459312669FBB04616E8825DD04D339BD6856F3	5B4E0FFA0F65C26B5D7A16BA8AF6CF1A0DB837C7CE805D28A1ACFA9A067B38F8
C:\Program Files\douwan\dashboard\js\DlgDevicePreview.min.js	C++ source, Unicode text, UTF-8 text, with very long lines (1189), with no line terminators	177DC6411E67E513105E89BF7DC7609B	0F1F2569D583EBA75F239917CFE00C2BFDA8D685	14109F3867AB18C66213FD5B80F8C877950776B2508FE70B46B92EF37A844A0C
C:\Program Files\douwan\dashboard\js\DlgGroupEditor.min.js	C++ source, ASCII text, with no line terminators	8FE3359CCB22B4465F80C71245304BF9	867768BF27328FF2FA934074AFC604D179705E63	CC80D74E42D9D0D617923D69255913548312936058BBFAF6BE5E192564887AEC
C:\Program Files\douwan\dashboard\js\api.min.js	ASCII text, with very long lines (2438), with no line terminators	37D07F893ECEA50995352D3FD0C56CD0	6A4404A5A7F0655ABADDC22ADD10219894CD4218	903F97420CCF1107C7B425844ABD6F2854FC184F9B146C34E5ADA77E68DBDD63
C:\Program Files\douwan\dashboard\js\app.min.js	Unicode text, UTF-8 text, with very long lines (6597), with no line terminators	80DD23D32BFA54DFD0CA8551AF861CEF	04B4438566A6E0B8A9F31FB5C6EE19F0C77FCDD4	76ACC9FFEB05772299D7DDC872653AAF08EECEB3824BCDEDE4ECD192FA9129DF
C:\Program Files\douwan\dashboard\js\deviceGrid.min.js	ASCII text, with very long lines (5548), with no line terminators	9EC84C3F86106C3B48A388323D4A3086	B567BC845418ED6207EBECE76A9FBEEF25690CDF	08A0FB857B23E789380A7CAE37EC478CE6C0041560C7C3600262369FB5B15108
C:\Program Files\douwan\dashboard\js\deviceGridItem.min.js	Unicode text, UTF-8 text, with very long lines (4801), with no line terminators	2E9F357E531D5E17D62392D7162E4D2A	F15A76B7FB0B04BFE073454E74C2C44C32E9D780	16AC7A75492789B1FB8424C1EB9BA74D9101AFDA4DB39C5389AAAC13942F9774
C:\Program Files\douwan\dashboard\js\deviceGroupServ.min.js	C++ source, Unicode text, UTF-8 text, with very long lines (2365), with no line terminators	618C5028C449F8E15EC544CB90F7CDEF	E0ADD391453AC2FBA632F901ADBD9EBC869C3BDB	C37A6F5EE7E85F486736F426D1CE5AEF52B1482EC9C48B055FA2C570994AE044
C:\Program Files\douwan\dashboard\js\deviceServ.min.js	C++ source, ASCII text, with very long lines (416), with no line terminators	BF22FCDE858FCBF2FBA3C107F7945A40	5E7A05CCD8113B7A774BDE67CE5DA0F59CF71C08	30D95DFFFE77BD8F8ED20EF1AC97C5719353835BDB96B1927DCF25EF7F0BCA8E
C:\Program Files\douwan\dashboard\js\ws.min.js	Unicode text, UTF-8 text, with very long lines (2446), with no line terminators	3ABDC1F21C32657A69229E18C3F29A2C	9BDE28A961AB5544D88784D0F982D7C456761519	E68F78F4BC408E0AE93E8886954223A24CDD5DB09043A12F425BDF374729D3A8
C:\Program Files\douwan\dashboard\vendors\eleTree\CORS	very short file (no magic)	3389DAE361AF79B04C9C8E7057F60CC6	DF58248C414F342C81E056B40BEE12D17A08BF61	684888C0EBB17F374298B65EE2807526C066094C701BCC7EBBE1C1095F494FC1
C:\Program Files\douwan\dashboard\vendors\eleTree\css\icon.css	ASCII text, with CRLF line terminators	BC3D569152FDE761EB8BDA1584F4B8E7	2E4EE49FB13F6D287806CE1B280F0B9DC7C8F5F6	D41498F51B75320A27FF0A64C2AD7368DDB1005849F91931EDB9D80697FBB104
C:\Program Files\douwan\dashboard\vendors\eleTree\eleTree.js	Unicode text, UTF-8 text, with very long lines (48612), with CRLF, NEL line terminators	01B5ADBB12E402C4244332C3927DC5DC	385DDF4569A0CB645E1164DA0C850D681CFA0BCC	FDC9187CDCF3654DC1799215EECEBB868D32A3038CC3EA18FBD371A496D7DA3E
C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.eot	Embedded OpenType (EOT), icomoon family	BEBE81AA1BE23C66C42FCBFAFCBCE1F0	04CFD5DE1F03573C01E7138F5E8A2F7CB4A2A892	30DDCBD0303CFC43ECE37A35F6501307355E3F836229B9B8C545D3B318441809
C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.svg	SVG Scalable Vector Graphics image	CF8069B57C731B670064AEA169F9114D	B601B1C3EF4C8431164A1E10FA44FEE2FB2F9D46	44A9E973C2573806A48CD88C1FB7E342068158EDF405C620B121D288B7179BB5
C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.ttf	TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon	F2A86A599C879D05441AD014734CD8BD	88030278B5008DE7D96278CCFBE7EFC5797518E0	9F00CE76B5A225AA66EFEEBDA8E8D7B7BDB0D79708700721594FB0C71CC5D1EE
C:\Program Files\douwan\dashboard\vendors\eleTree\fonts\eletree_icon.woff	Web Open Font Format, TrueType, length 7120, version 0.0	4111DE0E495E954FAAE52A2A3DC8F1A0	ED34F6A3B6CE13ED5B7D18283073321D0C2AEC5D	224D0BD9D5343C70B29CF46BD382962A87AB58387130BF3893D6C01780B5801F
C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkFull.png	PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced	64E200699A953FFBF2F912E536B04307	2DEABCC196AF691E99A4B675231E9B4704968089	B97B706D0708C0701ACDA1494F5B0E7B06AFF2E71D4750F4871336DD2E585272
C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkHalf.png	PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced	7B03C7D0370687B680B5B77B64459C31	07C0076F0B4678E49762A473077824D08937675E	C85A07F06DEE1CEC43D8F41FB342EF2014F636DE92EAD5FF16F7F921C3D77FDF
C:\Program Files\douwan\dashboard\vendors\eleTree\images\checkNone.png	PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced	A39E6C554CA285F4DC2A624D59BCDF9B	F59CFEAB2A4097506D69C59C98CB7BF9A7BC3D94	9E9EA71DB25C6AC375C18AFBDED42436A6D7E1ABD4A8C6795A558EA707925BBF
C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOff.png	PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced	24D8E00AF6AC2CD281A305620218BB6A	FFC5678BF2482BF3B53935599C4B488A7F93947D	ADA66BAFF96EEC5E6BDD6D53119833943F63A134ADB0A45A5C2424B7883427EC
C:\Program Files\douwan\dashboard\vendors\eleTree\images\dropdownOn.png	PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced	68ABB5FDDB1D51AC5B9D05E18873C988	6F6421D23DD14BE5A8925A2492742251D1C9D7FF	C354EDAEFDCC3F20B891BA4FA11F9A259784439C32D69DD370D46E24AA0E2138
C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.jpg	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 13x16, components 3	002BD7B6BAC4E2968865B7AD4ED1FB03	BCBCA24C51D5D0348388DF6A66C78A7EADB1FD08	3FF55BCE0E33CFBE82645DE1F31B581ADDA4814C3717EC1231C5917B1D432E7B
C:\Program Files\douwan\dashboard\vendors\eleTree\images\fold.png	PNG image data, 13 x 16, 8-bit/color RGB, non-interlaced	D6E9F823419EE5F7F385112B4E6297AE	E11AACB932FC277EAA4479221A43565676D2934B	CB983D04B9F2870A73F8E2A6B3E17B3C91F78138453CEDDBE3C38D7310851088
C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.jpg	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 13x16, components 3	DDC9184B73D8C326C65944EB916C85CE	5AC56EAA37BCE0545CDC6CB14B4EFD1C850CCF90	A3EACB2E66D53682B61E6F9A6A7406972C939AD88E2627D4720FB84E2341DE81
C:\Program Files\douwan\dashboard\vendors\eleTree\images\leaf.png	PNG image data, 13 x 16, 8-bit/color RGB, non-interlaced	DE644A6870C53E4E80010BAFB3E05721	823DF1B2E524F8159692A911B8802B25EBC66F66	BE4C8D2310F8DA0F03D2405AFB360F3A58F50814931092A483E18F23B80CBBAE
C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheck.png	PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced	610E7ECD5E891C358D9B62B624CF2B1B	0EC498E798A7282AED72644C75BDE62DC410B014	D7C01BDB246E176A3DA2ED079A31256D6CA36FF0CA58F472F9AD17C0FB88CC94
C:\Program Files\douwan\dashboard\vendors\eleTree\images\radioCheckNone.png	PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced	F2F4DB0D205412B2392772FC4BF4F346	0424588728FA2656F1B6948CB01CFCD7BEFB2D1E	3B251071ED53D30C0C8C8EF5924E19BC9A2D335F8ECEDFFC676345B5D4D81C85
C:\Program Files\douwan\douwan.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	966127E7856D02D9CF7A4F5CCC02E29E	93C25C6539B9BF90312B340AB65FE8C4D70D8C14	B2D67F6811D39574F41203DAE2E108B2729DADBF9BA2943BB526715966B874DC
C:\Program Files\douwan\douwanaudio.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	1A47B789F81A72E464644C64DEDAC0D2	4E9C5CECA7BF0DD5212C29AAF44148BB0E16EE4C	BA3CF1C7661F5B8C4883AB4309BCE1513A87C3AAF1FEA60A6650A626A9FFE338
C:\Program Files\douwan\iconengines\qsvgicon.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	313F89994F3FEA8F67A48EE13359F4BA	8C7D4509A0CAA1164CC9415F44735B885A2F3270	42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
C:\Program Files\douwan\imageformats\qgif.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	52FD90E34FE8DED8E197B532BD622EF7	834E280E00BAE48A9E509A7DC909BEA3169BDCE2	36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
C:\Program Files\douwan\imageformats\qicns.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	AD84AF4D585643FF94BFA6DE672B3284	5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08	F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
C:\Program Files\douwan\imageformats\qico.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	A9ABD4329CA364D4F430EDDCB471BE59	C00A629419509929507A05AEBB706562C837E337	1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
C:\Program Files\douwan\imageformats\qjpeg.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	16ABCCEB70BA20E73858E8F1912C05CD	4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA	FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
C:\Program Files\douwan\imageformats\qpdf.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	043F65C95409CF107C732ADA97345811	BC916748148F4D475E6591C442F94EC20AF85929	6F5A878610A76EAF931B76E1309E1A850869E85432470CE8E9B6685401B243C8
C:\Program Files\douwan\imageformats\qsvg.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C0DE135782FA0235A0EA8E97898EAF2A	FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2	B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
C:\Program Files\douwan\imageformats\qtga.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	A913276FA25D2E6FD999940454C23093	785B7BC7110218EC0E659C0E5ACE9520AA451615	5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
C:\Program Files\douwan\imageformats\qtiff.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	9C0ACF12D3D25384868DCD81C787F382	C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E	825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
C:\Program Files\douwan\imageformats\qwbmp.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	68919381E3C64E956D05863339F5C68C	CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992	0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
C:\Program Files\douwan\imageformats\qwebp.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	308E4565C3C5646F9ABD77885B07358E	71CB8047A9EF0CDB3EE27428726CACD063BB95B7	6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
C:\Program Files\douwan\libEGL.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	BB00EF1DD81296AF10FDFA673B4D1397	773FFCF4A231B963BAAC36CBEF68079C09B62837	32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
C:\Program Files\douwan\libGLESv2.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	2247EE4356666335DF7D72129AF8D600	F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182	50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
C:\Program Files\douwan\libairplay.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	E8996B63BA48031BE01D9917C1F8AFED	1130ECC583F2317AF2B6658E0853365F52EB1B40	FFBB79294446633B45ACE6D0DE1A8A60BC1DD163D95A702D7155BB8C365A8635
C:\Program Files\douwan\libcrypto-1_1-x64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EC30AF8B370DFDA303AFCBE84A9C99E9	C10BA98A22204E765EBAC6C8B2FA970B87C0CB41	1B97C49C37064DFA1A2DDA16D5403DC95E3C02A49CB17450DE95651400D70237
C:\Program Files\douwan\libssl-1_1-x64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	6EE31F5AB7DD86BE80B4F4F6807C14B1	05D5E12FD75F9B8D27597E752AC990C1B0829B72	1A30E44A4AD72171BDB208721BD43F4591E76E9CCD28E86089F1625BEBC91FD3
C:\Program Files\douwan\libyuv.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	6E5EB16A5B7F10D0932D169F0D5429CC	C359316D3C5DA0C588FC5F3E9BD59AEAC90C7EB2	911FA09EFBE09A462C52FFC92B3398E6127777E7792DC521750091E9D1DDBA33
C:\Program Files\douwan\mDNSResponder.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	529EB7D34B947A62F6E17246D164963D	8CE4DB8F1F7598DA8AFC8745373F8CDD6AAA7D7B	16AFF3E6647D782CEB4FB840E486FA4897569AABBE74AF979C4AA066AF67B94D
C:\Program Files\douwan\msvcp120.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	0A097D81514751B500690CE3FC3223FA	7983F0E18D2C54416599E6C192D6D2B151A2175C	E299B35D1E3B87930A4F9A9EF90526534E8796B0DEF177FB2A849C27F42F1DF2
C:\Program Files\douwan\msvcp140.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	CD0C37F1875B704F8EB08E397381AC16	249D33C43E105A1C36EC6A24E5EF8DBC5F56B31B	D86AC158123A245B927592C80CC020FEA29C8C4ADDC144466C4625A00CA9C77A
C:\Program Files\douwan\msvcp140_1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	8AD9C7CFFBB2413F4D5FF9F3AAA1A69B	2B5116E49AC5913EF8A512A7299E9A459DAB4778	18AEF42187072C35B537BE80E3B2DA7CE4919B2C9574ADD19409D98E3026D916
C:\Program Files\douwan\msvcp140_2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	84269806DCE633E56E492EF060FA8F88	A1E71CB750D25E7A63E0C9D0B01063DF421F1938	5FCA695ED2CEFEC010D546310699226EEF4B305DF38CBE3DEA2FDF9494ABC163
C:\Program Files\douwan\msvcp140_atomic_wait.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	1D2A0D23E35B93464BB5B09E5E4C02B2	04D1A1EED3868433C5B7652ECAE0FDCD29E1EF39	A577B5FC4E3A14AE141657C30A38D11FF8593135E51E55485B252EB821D47E75
C:\Program Files\douwan\msvcp140_codecvt_ids.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	4266E7BB9BFCE998083D2F4F938B11C9	23FC9C4C9DE9FD3E71941DF86E26C4DD44F2A95B	E1EE6D29E30708AD5812035626BBC1058EA12FD5503D5A79D28C9CB67FAB4A14
C:\Program Files\douwan\msvcr120.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	E2CA271748E872D1A4FD5AC5D8C998B1	5020B343F28349DA8C3EA48FB96C0FBAB757BD5C	0D00BF1756A95679715E93DC82B1B31994773D029FBBD4E0E85136EF082B86A9
C:\Program Files\douwan\msvcrt.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	36354D9B5B0A58A4B9A19103852C00A2	0EA4B3CFB14E49CEC0D42FF0F1FA989E69647A8F	E5A863D3F4BFEFED7D73A7B1499F81B7235BC9AE3C108065041BCB8E5446B1BB
C:\Program Files\douwan\opengl32sw.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C8EBA2CC4CA68565D5602D98D559B416	0426031495C366C327E518CD51B895F4F3F136AA	4A73400E653E13B72FE46528FE14FA8FA802AD81C70A4AF4A498AF7603456113
C:\Program Files\douwan\platforms\qwindows.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	4931FCD0E86C4D4F83128DC74E01EAAD	AC1D0242D36896D4DDA53B95812F11692E87D8DF	3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
C:\Program Files\douwan\plugins\64bit\win-wasapi.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	57793518C2166B2505C67A7568D92E50	1512223733E0335B61BBB7EBA93BB5BC2B3252A6	74BCC6A590FDCAEC2531AC98A8298613BFF3A236B5847CFE5C234794E31F8F6F
C:\Program Files\douwan\plugins\64bit\xindawn-audio.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	EADC4551B5C6C97504BA6EB8A008A1CA	F9D61AB0F0A0C94FD3259269FC7D18B51B64EF7F	FB41642E4CAEC3F372C78167C2E18F6C000C6E9BADAB1C4005AAF8C310BA0A21
C:\Program Files\douwan\plugins\64bit\xindawn-output.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	8EB3B8AE485A641FED75F6901862C286	8C7233F7C96309C1E568F530F98F7AE229D01003	2DE46CE09C116E966A393352C5D22F6FDBE43F340FBA1DA20109CEFE567D87F7
C:\Program Files\douwan\restful\api.html	HTML document, Unicode text, UTF-8 text, with CRLF line terminators	9D47AAA97DC269DE3F1CD84B1086738E	292E169143F4FFB6B6F543F28FA0B365EF823998	F9D4BAD40B618B34FB6C8B0F9B3E60A42F5FDDA2E20BE72E8E48F08E1314FC06
C:\Program Files\douwan\restful\api.js	ASCII text, with CRLF line terminators	F58EF6AAA2127E152F4A52611B946313	FC039611A6BB9A57836CDB9889864D60C2EFED37	1806F2954A725C496990D868C330665CE019181E52727300F716693AA854E78E
C:\Program Files\douwan\restful\help.html	HTML document, Unicode text, UTF-8 text, with very long lines (549), with CRLF line terminators	DB6B4AD596456C40894152C1DE819237	61AA483132B8FF79A59095F98779956308F73AD9	CC5CCDCF7CA7E89D4BAD896DB7849A1EB687F9113A26D4F2BD18DD533FF46BA2
C:\Program Files\douwan\styles\qwindowsvistastyle.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	53A85F51054B7D58D8AD7C36975ACB96	893A757CA01472A96FB913D436AA9F8CFB2A297F	D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
C:\Program Files\douwan\swresample-3.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	09EF2883A1861A9F94D1EBC70C870DC9	B750F98170F1485CB888E6BA32BCD42AF61FA4B9	A95D5FCDAFA91B2F2C41501C1BBF7D5ECD836CC195678984554550E7F101223C
C:\Program Files\douwan\swscale-5.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	8EF0D25DEA268F75A17E9CA10CF13842	1E987C7D4C4D6DC48AAC9DEC03A3723C2D08183C	F5F96073FCC01A7F87DB9F4503DADB3BC9A683BF2B8B1C916AEFA390C47B1838
C:\Program Files\douwan\translations\qt_ar.qm	Qt Translation file	257BCE0D43476FF6548F7D9D2C3A5809	3D7B581860C381FC5644F739850F4C126F27838D	C14EBFAA0FECB341B43ED2179DF9372D27AD20A15BAFB9F5403D57838AE1D88A
C:\Program Files\douwan\translations\qt_bg.qm	Qt Translation file	660413AD666A6B31A1ACF8F216781D6E	654409CDF3F551555957D3DBCF8D6A0D8F03A6C5	E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
C:\Program Files\douwan\translations\qt_ca.qm	Qt Translation file	1D351670EA821DB3BBB5AEE0AD186F10	AC0548EB87E7E4A12A604523713E5B08DF88FB50	235F502810D5750A47421D3E57620DCAE5CFCFD83BC97766AD8B99B75238A544
C:\Program Files\douwan\translations\qt_cs.qm	Qt Translation file	C57D0DE9D8458A5BEB2114E47B0FDE47	3A0E777539C51BB65EE76B8E1D8DCE4386CBC886	03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
C:\Program Files\douwan\translations\qt_da.qm	Qt Translation file	859CE522A233AF31ED8D32822DA7755B	70B19B2A6914DA7D629F577F8987553713CD5D3F	7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
C:\Program Files\douwan\translations\qt_de.qm	Qt Translation file	40760A3456C9C8ABE6EA90336AF5DA01	B249AA1CBF8C2636CE57EB4932D53492E4CE36AC	553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
C:\Program Files\douwan\translations\qt_en.qm	Qt Translation file	AAEA7BA475C961F941D0A23488457BEB	2BF0054002C8F7D85DD080DF332553BF9B3A8E26	494AC9A2B2CB2FDECED353F4A9F898ED8DCF616E9BC667438C62681E3F7F79CF
C:\Program Files\douwan\translations\qt_es.qm	Qt Translation file	C7C58A6D683797BFDD3EF676A37E2A40	809E580CDBF2FFDA10C77F8BE9BAC081978C102B	4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
C:\Program Files\douwan\translations\qt_fi.qm	Qt Translation file	8472CF0BF6C659177AD45AA9E3A3247C	7B5313CDA126BB7863001499FB66FB1B56C255FC	E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
C:\Program Files\douwan\translations\qt_fr.qm	Qt Translation file	1F41FF5D3A781908A481C07B35998729	ECF3B3156FFE14569ECDF805CF3BE12F29681261	EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
C:\Program Files\douwan\translations\qt_gd.qm	Qt Translation file	D512456777500DC13EF834ED528D3704	90A32284052C3FE12C18AFEC9F7FF56735E2E34B	C515DD2A2E00765B5F651AAE124A55D617B24777138019ABC5A7001DA7417561
C:\Program Files\douwan\translations\qt_he.qm	Qt Translation file	26B777C6C94C5AA6E61F949AA889BF74	F78DA73388C86D4D5E90D19BB3BD5F895C027F27	4281C421984772665A9D72AB32276CFE1E2A3B0EBE21D4B63C5A4C3BA1F49365
C:\Program Files\douwan\translations\qt_hu.qm	Qt Translation file	E9D302A698B9272BDA41D6DE1D8313FB	BBF35C04177CF290B43F7D2533BE44A15D929D02	C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
C:\Program Files\douwan\translations\qt_it.qm	Qt Translation file	66C2DBE4E048D365AA3531409BB319E9	43376F186D324E261B0F6A2475FF2F0B5261B5E1	EEDA9549376601652F8E2F35048E56548F4C15BC6CCAB48F5A3D5A249D631BEE
C:\Program Files\douwan\translations\qt_ja.qm	Qt Translation file	608B80932119D86503CDDCB1CA7F98BA	7F440399ABA23120F40F6F4FCAE966D621A1CC67	CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
C:\Program Files\douwan\translations\qt_ko.qm	Qt Translation file	082E361CBAC2E3A0849F87B76EF6E121	F10E882762DCD2E60041BDD6CC57598FC3DF4343	0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
C:\Program Files\douwan\translations\qt_lv.qm	Qt Translation file	BD8BDC7BBDB7A80C56DCB61B1108961D	9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F	846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
C:\Program Files\douwan\translations\qt_pl.qm	Qt Translation file	F9475A909A0BAF4B6B7A1937D58293C3	76B97225A11DD1F77CAC6EF144812F91BD8734BD	CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
C:\Program Files\douwan\translations\qt_ru.qm	Qt Translation file	7C1D56064AF52DC1C834FF709FC53609	C415A8B1B6B9D40DD68173A0772F32F639CD743A	B2C601C7DECB9F8D2D6DC3B1929F2EC20656FF21783BF283DF23B02DD022DC5B
C:\Program Files\douwan\translations\qt_sk.qm	Qt Translation file	5BBA1E27FCABC34B403CDF11F0A63CEF	EA02695BDBB9C7F55A94F60B306703F0D67B30C3	B70C6DE694E717FA05C46831B6A11927536AEAD937CCE6BA66665D5C496EED06
C:\Program Files\douwan\translations\qt_tr.qm	Qt Translation file	6CBC5D8E1EABEC96C281065ECC51E35E	4E1E6BA3772428227CB033747006B4887E5D9AD1	6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
C:\Program Files\douwan\translations\qt_uk.qm	Qt Translation file	ACBE9498B42AE04A8A05DDB08F88DAF0	F847CC1A45A19B5527148BFBC93A3942819F22CD	4835B26FC4FCCBF4444E4AF1178BA89ADA88D340BA74D61EAE344D81B8A26461
C:\Program Files\douwan\translations\qt_zh_TW.qm	Qt Translation file	9C6A3721D01ECAF3F952CE96F46CE046	4A944E9E31DF778F7012D8E4A66497583BFD2118	085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
C:\Program Files\douwan\ucrtbase.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	ED82E9C6C4F7A475D7FD6EBABF3FAB2A	1062942B1BDFC8D7C8A941C152DF69216010D780	4C5B8E529854CEDFA8F46CD6906952400CDBBF25EFC4CF37DDA2C42D8E96DDCB
C:\Program Files\douwan\uninst.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	3D2543D64021E03CDA142D02C5ADE1D3	6999E54D537CED5563AAC7728C200D94545D6325	CA7B174701940789FC5F5874E527800486ADA1A770F0764306571619D01B7450
C:\Program Files\douwan\updater.exe	PE32+ executable (GUI) x86-64, for MS Windows	D4E1A7F6DC113144D94BC326EF4C1EBD	62B93B0CADD3FB684EE8776ED1C54AF9C860C80A	5721271AC42FF873CE4E226C2F787327BBE6D0C0EB6F7970DDDB489A97B1AB95
C:\Program Files\douwan\vcam.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	FBC00D53EB7E49DAB3C4C0D6DBC623F5	5AC7FEE759147B96C5423156167E479961CA5BF8	76F7CA0E68CE7CA87E417CA50E22BD97D21D7CBA4FB207C14615002128444991
C:\Program Files\douwan\vccorlib140.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	7EF7EAB654DF53E087AC4703C9EA0B16	743DC76D168326B60F09347945FE1342A6EFFC4C	13E568FDCDE1B7B7F2D1C97A474BDB8858F5AB761157F0FEA7201CCECF84B9B8
C:\Program Files\douwan\vcruntime140.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	11D9AC94E8CB17BD23DEA89F8E757F18	D4FB80A512486821AD320C4FD67ABCAE63005158	E1D6F78A72836EA120BD27A33AE89CBDC3F3CA7D9D0231AAA3AAC91996D2FA4E
C:\Program Files\douwan\vcruntime140_1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	7667B0883DE4667EC87C3B75BED84D84	E6F6DF83E813ED8252614A46A5892C4856DF1F58	04E7CCBDCAD7CBAF0ED28692FB08EAB832C38AAD9071749037EE7A58F45E9D7D
C:\Program Files\douwan\w32-pthreads.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	1523F165B18D314E27E966F202174DC4	3831243BD442C238E216B6FF86E25DA1630B523D	9611A420C722EFDDF20E5E8D9CFFAF8DCF5ED4436BA6B14F7DAF4E811F9C14CA
C:\Program Files\douwan\zlib.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	92CF41B3DDE4FEBAB4377459289F5E30	B06F12D195A889677E870726840B0BED5D87D243	0674A818542011BAB13EA5C2EFBCA73C8CA500981D754C2E97E6295A7122C5BD
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DouWan.exe_67477162ff25c5ce03785a08b739eb36875429_b90f673a_e36fff6b-09c9-41d3-9ef3-8044ffc3c43d\Report.wer	Unicode text, UTF-16, little-endian text, with CRLF line terminators	33798B1CC5C3519B62FADFF28539342E	9B84D7595C2E9B42C566BBF4FA70CA582CFE507F	BFB71DA594A9693811935E3042A0D31E5FB2E2EAB7DF13A81205540091E486F3
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC3A.tmp.dmp	Mini DuMP crash report, 15 streams, Wed Jul 3 16:01:25 2024, 0x1205a4 type	59091454736C603580B11571A2FA0734	325C3C1AEC4EDFD44256DFC03C8DBE88638D4A11	67FF11C118A7EDDBCF3D80A8EBCD9417B9F10057D486D7B71BD36502C2F237DF
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE3F.tmp.WERInternalMetadata.xml	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators	32670DF95A56236DC2EBAD968CC71242	1AF3198DA137A98830BF71EE7555CFE05013FA4A	042FDA2681B91E86D295888CDAC58817031D31A69B9FC2F990D50D5B4F82F541
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE7E.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	D39CAAFE7D760990A653028B557BE78E	E66AEE21F07C7A2644663D7A43D27281F037760C	54F962770A1F4B5B5458997766FDFD9ACBEC78947E1B7681D736218914CFA2B3
C:\Users\user\AppData\Local\DouWan\groups.conf (copy)	Unicode text, UTF-8 text	1A8B9DFE003812DB45A75B2E2C65CD79	175697EA19B4F9B4895EEE76DAC200B7E5C5BF95	0E4C2ECCB528BFCE61BFF9274ACC03C9F288EDF385C60DD178E6CADE2E4A4277
C:\Users\user\AppData\Local\DouWan\groups.conf.RafUQu	Unicode text, UTF-8 text	1A8B9DFE003812DB45A75B2E2C65CD79	175697EA19B4F9B4895EEE76DAC200B7E5C5BF95	0E4C2ECCB528BFCE61BFF9274ACC03C9F288EDF385C60DD178E6CADE2E4A4277
C:\Users\user\AppData\Local\DouWan\groups.conf.lock	ASCII text	BD5C4A0B8EB0F293DE5D7A344223050F	10EDA3AE2A678A90AEFE0953C175589732652FCA	423AD7C67ADB2F4669B7CD9E5A4503AB0ED3D82C6DB233746BDE77A0638CD31E
C:\Users\user\AppData\Local\DouWan\userdefaults.conf (copy)	JSON data	6741BEF53106B911FB31B02395F67CD1	750E4DF2D17A45E66F4979E99AFCC1E8D2DFDBEE	E3A241E54A09939FA8F245CB1993868ACD7231846CAF8762653E6C810ABF07DF
C:\Users\user\AppData\Local\DouWan\userdefaults.conf.QUKaGC	JSON data	6741BEF53106B911FB31B02395F67CD1	750E4DF2D17A45E66F4979E99AFCC1E8D2DFDBEE	E3A241E54A09939FA8F245CB1993868ACD7231846CAF8762653E6C810ABF07DF
C:\Users\user\AppData\Local\DouWan\userdefaults.conf.lock	ASCII text	BD5C4A0B8EB0F293DE5D7A344223050F	10EDA3AE2A678A90AEFE0953C175589732652FCA	423AD7C67ADB2F4669B7CD9E5A4503AB0ED3D82C6DB233746BDE77A0638CD31E
C:\Users\user\AppData\Local\Temp\libusb0.sys	PE32+ executable (native) x86-64, for MS Windows	16E18CED459B1824234890386EE66CD5	81D2B572EC0D24ABA11ED6BFA9174FFAD54140B7	8058F2AFE6EF96A7D2DED432997FD8655970C9EA75A938EE4557D6A2CB4CC989
C:\Users\user\AppData\Local\Temp\libusbK.sys	PE32+ executable (native) x86-64, for MS Windows	A814FF2972F55909AAFFD943EBB0E866	B966AD29D209C64B3F0D879703086DF1F6121E6B	1DF66FF22E2EAEC27180756D90926CA5B07E8BCF6B0E4E3C56471E63A3A05FA6
C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\FindProcDLL.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	B4FAF654DE4284A89EAF7D073E4E1E63	8EFCFD1CA648E942CBFFD27AF429784B7FCF514B	C0948B2EC36A69F82C08935FAC4B212238B6792694F009B93B4BDB478C4F26E3
C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\InstallOptions.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0A9FB96A7579B685EC36B17FC354E6A3	355754104DD47D5FCF8918DEE0DC2E2EE53390A6	B34FB342F21D690AAC024B6F48A597E78D15791EF480AC55159CD585D0F64AF7
C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	564BB0373067E1785CBA7E4C24AAB4BF	7C9416A01D821B10B2EEF97B80899D24014D6FC1	7A9DDEE34562CD3703F1502B5C70E99CD5BBA15DE2B6845A3555033D7F6CB2A5
C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\ioSpecial.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	40A6C6D370BF07B684962747FA0631C5	4E79422C60639628513D1F04C5A35A4F101BDBE7	D01FE0041D4C5A926961461E6B59A418A5C223D1AE6CC80F6C041C71CBC165A3
C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\modern-wizard.bmp	PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118	CBE40FD2B1EC96DAEDC65DA172D90022	366C216220AA4329DFF6C485FD0E9B0F4F0A7944	3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
C:\Users\user\AppData\Local\Temp\nsaFD81.tmp\nsExec.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4C77A65BB121BB7F2910C1FA3CB38337	94531E3C6255125C1A85653174737D275BC35838	5E66489393F159AA0FD30B630BB345D03418E9324E7D834B2E4195865A637CFE
C:\Users\user\AppData\Local\Temp\winusbcoinstaller2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	246900CE6474718730ECD4F873234CF5	0C84B56C82E4624824154D27926DED1C45F4B331	981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
C:\Users\user\AppData\Local\Temp\xindawn_list.log	ASCII text, with very long lines (376), with CRLF line terminators	1300522DCC94D26663FFA33CD0589C3C	301D4A72A5CC5E4F30B640144E399E2229E072BA	30D7FFEE30D403DCC867BB332FBFF53FDB054C3AAD4971CD3938A07AEF594F44
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan\DouWan.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Apr 28 02:59:08 2024, mtime=Wed Jul 3 15:00:48 2024, atime=Sun Apr 28 02:59:08 2024, length=19631720, window=hide	7F723478ECAC29E0FC83E94919167DD7	70625374388786F3CB14AB6C409A4B0436CFF6FF	6A078C52DA5D5BD7CC61820BB48A5B449BAA6D9E18B741D868A933BDFF81CBD1
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DouWan\Uninstall DouWan.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide	C0CAF4EA066A40169E5ECE2BAA8777D4	90B97C8C4C9C1E6FADC59F422D4245B4BE893CBA	311B4EF1DAF8350FFBAFCC92F74CE66D20A76F00A0AA5C31EB0ECDCACBF4DDD9
C:\Users\user\Desktop\DouWan.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Apr 28 02:59:08 2024, mtime=Wed Jul 3 15:01:05 2024, atime=Sun Apr 28 02:59:08 2024, length=19631720, window=hide	10D75434A8205CA7D4D71233F939ED62	84F2DE50C03A436378374CA20117801C31D3BBEE	C090FD38D519959F02C9022D1374AAA2D6AEBA2490DA0769F09E10648B0B5E0F
C:\Windows\appcompat\Programs\Amcache.hve	MS Windows registry file, NT/2000 or above	884F41FB3CEC262BB8776FAF6273B277	0233F273DCFCDDAE90DCFF3A2BE0D83D06C10DA9	F71F271218ACA29C902CF20B60E6F9051654C69CA1EB9D4C0E665B7C43E304A5

Windows Analysis Report DouWan-Video-Setup-En-4.3.0.3-x64.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Cryptography

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
DouWan-Video-Setup-En-4.3.0.3-x64.exe