Windows Analysis Report
zDcNyG6Csn.exe

Overview

General Information

Sample name: zDcNyG6Csn.exe (renamed because original name is a hash value)
Original sample name: ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287.exe
Analysis ID: 1573182
MD5: 71305067261ad445d787ba9b8a8f5343
SHA1: 3a82a3e6b38355a78129497eb50c8ff257b963e6
SHA256: ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287
Tags: 193-188-22-40, exe, user-JAMESWT_MHT

Detection

DanaBot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DanaBot stealer dll
AI detected suspicious sample
May use the Tor software to hide its network traffic
PE file has a writeable .text section
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • zDcNyG6Csn.exe (PID: 4500 cmdline: "C:\Users\user\Desktop\zDcNyG6Csn.exe" MD5: 71305067261AD445D787BA9B8A8F5343)
    • VinylStudio.exe (PID: 6540 cmdline: "C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe" MD5: 73979A5C684010903C2B85D78AACADED)
  • cleanup
Name: DanaBot
Description: Proofpoint describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. The social engineering in the low-volume DanaBot campaigns we have observed so far has been well-crafted, again pointing to a renewed focus on quality over quantity in email-based threats. DanaBot's modular nature enables it to download additional components, increasing the flexibility and robust stealing and remote monitoring capabilities of this banker.
Attribution: SCULLY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.danabot
No configs have been found
Source                                                                                  Rule                             Description                        Author
00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp  JoeSecurity_CredentialStealer    Yara detected Credential Stealer   Joe Security
00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp  JoeSecurity_DanaBot_stealer_dll  Yara detected DanaBot stealer dll  Joe Security
00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp  JoeSecurity_CredentialStealer    Yara detected Credential Stealer   Joe Security
00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp  JoeSecurity_DanaBot_stealer_dll  Yara detected DanaBot stealer dll  Joe Security
00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp  JoeSecurity_CredentialStealer    Yara detected Credential Stealer   Joe Security
(5 of 31 Yara entries shown)
No Sigma rule has matched
Timestamp                        SID      Severity  Classtype                                      Source IP    Source Port  Destination IP  Destination Port  Protocol
2024-12-11T16:19:11.189037+0100  2034465  1         Malware Command and Control Activity Detected  192.168.2.5  49946        77.221.149.84   443               TCP
2024-12-11T16:19:11.258928+0100  2034465  1         Malware Command and Control Activity Detected  192.168.2.5  49947        89.116.191.177  443               TCP
2024-12-11T16:19:11.307864+0100  2034465  1         Malware Command and Control Activity Detected  192.168.2.5  49948        213.210.13.4    443               TCP
2024-12-11T16:19:11.374390+0100  2034465  1         Malware Command and Control Activity Detected  192.168.2.5  49949        193.188.22.40   443               TCP

AV Detection

Source: zDcNyG6Csn.exe; Avira: detected
Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\imodel.dll; Avira: detection malicious, Label: TR/Dldr.Rugmi.rxflt
Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\imodel.dll; ReversingLabs: Detection: 50%
Source: zDcNyG6Csn.exe; ReversingLabs: Detection: 42%
Source: Yara match; File source: Process Memory Space: VinylStudio.exe PID: 6540, type: MEMORYSTR
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 83.2% probability
Source: zDcNyG6Csn.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: zDcNyG6Csn.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: G:\source\VinylStudio\V15_00\Release\VinylStudio.pdb; source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: c:\starburn\Bin\Dynamic\Release\i386\StarBurn.pdb; source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\PDR14_AutoBuild\LayerTemplate_9\Generic\Trunk\bin\Win32\Release\CES_Picture.pdb; source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.00000000041CC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\starburn\Bin\Dynamic\Release\i386\StarBurn.pdb(_; source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\PDR14_AutoBuild\LayerTemplate_9\Generic\Trunk\bin\Win32\Release\CES_Picture.pdb*; source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.00000000041CC000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Networking

Source: Network traffic; Suricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.5:49947 -> 89.116.191.177:443
Source: Network traffic; Suricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.5:49946 -> 77.221.149.84:443
Source: Network traffic; Suricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.5:49949 -> 193.188.22.40:443
Source: Network traffic; Suricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.5:49948 -> 213.210.13.4:443
Source: global traffic; TCP traffic: 192.168.2.5:49956 -> 8.8.8.8:53
Source: Joe Sandbox View; ASN Name: LRTC-ASLT
Source: Joe Sandbox View; ASN Name: INFOBOX-ASInfoboxruAutonomousSystemRU
Source: Joe Sandbox View; ASN Name: EDGEtaGCIComGB
Source: unknown; TCP traffic detected without corresponding DNS query: 77.221.149.84
Source: unknown; TCP traffic detected without corresponding DNS query: 89.116.191.177
Source: unknown; TCP traffic detected without corresponding DNS query: 193.188.22.40
Source: VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp; String found in binary or memory: <l><h>https://www.facebook.com/alpinesoft|</h>www.facebook.com/alpinesoft</l>.Cannot recycle file: equals www.facebook.com (Facebook)
Source: VinylStudio.exe, 00000004.00000000.2640778975.0000000000B30000.00000002.00000001.01000000.00000005.sdmp; String found in binary or memory: And you will find us on Facebook here: <l><h>https://www.facebook.com/alpinesoft|</h>www.facebook.com/alpinesoft</l> equals www.facebook.com (Facebook)
Source: VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://.css
Source: VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://.jpg
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp; String found in binary or memory: http://api.discogs.com/releases/%sCollection
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.duplexsecure.com/entity.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.grsign.com/root.crl0Q
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.grsign.com/rootca.crl0Q
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://html4/loose.dtd
Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.comodoca.com0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.digicert.com0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.digicert.com0A
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.digicert.com0C
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.digicert.com0X
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.sectigo.com0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp; String found in binary or memory: http://www.alpinesoft.co.uk%s/%d.%d.%d
Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://www.digicert.com/CPS0
Source: VinylStudio.exe, 00000004.00000003.2686047930.000000000397C000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2685827682.000000000397B000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://www.gimp.org/xmp/
            Source: VinylStudio.exe, 00000004.00000003.3030745195.000000007ECF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
            Source: VinylStudio.exe, 00000004.00000003.3030745195.000000007ECF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.htmlRAND
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://%s/VinylStudio/register.aspx?platform=%s&partner=%s&email=%srecording_options_dialogrecordin
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://%s/VinylStudio/register_partner.aspx?platform=%s&partner=%s&email=%s%s
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://beebom.com/how-to-use-light-theme-with-dark-menu-bar-and-dock-in-macos-mojave/
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.00000000043B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inivation.gitlab.io/dv/dv-docs/docs/update-firmware/
            Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
            Source: VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/VinylStudio/VinylStudio_premium.aspx
            Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/VinylStudio/VinylStudio_pro.aspx
            Source: VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/VinylStudio/download.aspx
            Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/VinylStudio/download_mac.aspx
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/VinylStudio/request_license_key.aspx
            Source: VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000B30000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/contact_us.aspx
            Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000B30000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/forum
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/forum/index.php?topic=18.0
            Source: zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/forum/index.php?topic=2567.0
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000B30000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.alpinesoft.co.uk/forum/index.php?topic=725.0
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.apple.com/itunes/download/win64
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.discogs.com/release/%s%s
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004293000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49887
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49885
            Source: unknown | Network traffic detected: HTTP traffic on port 49951 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49949 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49947 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49885 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49887 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49954
            Source: unknown | Network traffic detected: HTTP traffic on port 49889 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49948 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49952
            Source: unknown | Network traffic detected: HTTP traffic on port 49950 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49951
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49950
            Source: unknown | Network traffic detected: HTTP traffic on port 49952 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49946 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49954 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49949
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49948
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49947
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49946
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49889
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49888
            Source: unknown | Network traffic detected: HTTP traffic on port 49888 -> 443

            E-Banking Fraud

            Source: Yara match | File source: 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2682373684.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2696959590.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2696465564.000000000651B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: VinylStudio.exe PID: 6540, type: MEMORYSTR

            System Summary

            Source: CES_Picture.dll.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            Source: VinylStudio.exe.0.dr | Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
            Source: VinylStudio.exe.0.dr | Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
            Source: VinylStudio.exe.0.dr | Static PE information: Resource name: RT_STRING type: basic-16 executable not stripped
            Source: zDcNyG6Csn.exe, 00000000.00000002.2644237794.0000000001A97000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameVinylStudio.exe8 vs zDcNyG6Csn.exe
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameVinylStudio.exe8 vs zDcNyG6Csn.exe
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.00000000041CC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCES_Picture.dllh$ vs zDcNyG6Csn.exe
            Source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameStarBurn vs zDcNyG6Csn.exe
            Source: zDcNyG6Csn.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: classification engine | Classification label: mal100.phis.troj.spyw.evad.winEXE@3/19@0/5
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Code function: 0_2_00937B50 ?openRtApi@RtAudio@@IAEXW4Api@1@@Z,??0RtApi@@QAE@XZ,CoInitialize,CoCreateInstance,0_2_00937B50
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | File created: C:\Users\user\AppData\Local\Programs
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Mutant created: \Sessions\1\BaseNamedObjects\59474285
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | File created: C:\Users\user\AppData\Local\Temp\TMP1A28.tmp
            Source: zDcNyG6Csn.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
            Source: VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
            Source: VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: zDcNyG6Csn.exe | ReversingLabs: Detection: 42%
            Source: unknown | Process created: C:\Users\user\Desktop\zDcNyG6Csn.exe "C:\Users\user\Desktop\zDcNyG6Csn.exe"
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Process created: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe "C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe"
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: mfplat.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: rtworkq.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: mmdevapi.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: devobj.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: winmmbase.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: ksuser.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: avrt.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: audioses.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: powrprof.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: umpdc.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: msacm32.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: midimap.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: edputil.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: appresolver.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: slc.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: sppc.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: starburn.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: msimg32.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: version.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: wsock32.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: winmm.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: imodel.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: winusb.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: libusbk.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: hid.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: riched20.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: usp10.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: msls31.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: devobj.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: winusb.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: libusbk.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: hid.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: devobj.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: propsys.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: libjack.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: fpres12-x64-0419.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: secur32.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: ces_picture.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: napinsp.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: pnrpnsp.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: wshbth.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: nlaapi.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: textinputframework.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: coreuicomponents.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: windowscodecs.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: winrnr.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: textshaping.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: oleacc.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: wtsapi32.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: mscoree.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: wshunix.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: netapi32.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Section loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: samcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: avifil32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: msvfw32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: msacm32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: winmmbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: winmmbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: cryptui.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: pstorec.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: winsta.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: wlanapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: netprofm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: npmproxy.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: mmdevapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: audioses.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: logoncli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32Jump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: zDcNyG6Csn.exeStatic PE information: More than 140 > 100 exports found
            Source: zDcNyG6Csn.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: zDcNyG6Csn.exeStatic file information: File size 14840744 > 1048576
            Source: zDcNyG6Csn.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x267a00
            Source: zDcNyG6Csn.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xae1600
            Source: zDcNyG6Csn.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: Binary string: G:\source\VinylStudio\V15_00\Release\VinylStudio.pdb source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: c:\starburn\Bin\Dynamic\Release\i386\StarBurn.pdb source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\PDR14_AutoBuild\LayerTemplate_9\Generic\Trunk\bin\Win32\Release\CES_Picture.pdb source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.00000000041CC000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: c:\starburn\Bin\Dynamic\Release\i386\StarBurn.pdb(_ source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\PDR14_AutoBuild\LayerTemplate_9\Generic\Trunk\bin\Win32\Release\CES_Picture.pdb* source: zDcNyG6Csn.exe, 00000000.00000003.2631071020.00000000041CC000.00000004.00000020.00020000.00000000.sdmp
            Source: zDcNyG6Csn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: zDcNyG6Csn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: zDcNyG6Csn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: zDcNyG6Csn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: zDcNyG6Csn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: fpres12-x64-0419.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x17a95e
            Source: CES_Picture.dll.0.drStatic PE information: real checksum: 0xdbf2e should be: 0xe3f2e
            Source: StarBurn.dll.0.drStatic PE information: real checksum: 0x98075 should be: 0x9033d
            Source: CES_Picture.dll.0.drStatic PE information: section name: .text1
            Source: CES_Picture.dll.0.drStatic PE information: section name: .data1
            Source: CES_Picture.dll.0.drStatic PE information: section name: .trace
            Source: CES_Picture.dll.0.drStatic PE information: section name: _RDATA
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exeCode function: 0_2_00965A6C push ecx; ret 0_2_00965A7F
            Source: StarBurn.dll.0.drStatic PE information: section name: .text entropy: 6.997353967963893
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exeFile created: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\StarBurn.dllJump to dropped file
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exeFile created: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeJump to dropped file
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exeFile created: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\imodel.dllJump to dropped file
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exeFile created: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\fpres12-x64-0419.dllJump to dropped file
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exeFile created: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\CES_Picture.dllJump to dropped file

            Hooking and other Techniques for Hiding and Protection

            Source: VinylStudio.exe, 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: torConnect
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Window / User API: threadDelayed 364
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Window / User API: threadDelayed 726
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe TID: 1524 | Thread sleep time: -75075s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe TID: 6020 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe TID: 6716 | Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Last function: Thread delayed
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Thread delayed: delay time: 75075
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
            Source: VinylStudio.exe, 00000004.00000003.2644908742.0000000000ECD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
            Source: VinylStudio.exe, 00000004.00000003.2644524988.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: zDcNyG6Csn.exe, 00000000.00000002.2644237794.0000000001A97000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y2U
            Source: VinylStudio.exe, 00000004.00000003.2641897899.0000000000ED1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}7
            Source: VinylStudio.exe, 00000004.00000003.2644524988.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: zDcNyG6Csn.exe, 00000000.00000002.2644237794.0000000001A97000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y7V>T
            Source: VinylStudio.exe, 00000004.00000003.2642486880.0000000000ECD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
            Source: zDcNyG6Csn.exe, 00000000.00000002.2644237794.0000000001A2E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: VinylStudio.exe, 00000004.00000003.2644524988.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Process token adjusted: Debug
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Process created: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe "C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe"
            Source: VinylStudio.exe, 00000004.00000000.2638736749.000000000087E000.00000002.00000001.01000000.00000005.sdmp | Binary or memory string: Fg:\source\hpslib\v15_00\psutils.cpphBrushProgmanShell_TrayWndSideBar_AppBarBulletSideBar_HTMLHostWindow4
            Source: VinylStudio.exe, 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWndTrayNotifyWndSysPagerToolbarWindow32U
            Source: VinylStudio.exe, 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: explorer.exeShell_TrayWnd
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\TMP1A28.tmp VolumeInformation
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Code function: 0_2_00965D85 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00965D85
            Source: C:\Users\user\Desktop\zDcNyG6Csn.exe | Code function: 0_2_00937AF0 ?getVersion@RtAudio@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ,0_2_00937AF0
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2682373684.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2696959590.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000003.2696465564.000000000651B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: VinylStudio.exe PID: 6540, type: MEMORYSTR
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exeFile opened: C:\Users\user\AppData\Roaming\Miranda\Jump to behavior
            Source: Yara matchFile source: 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2682373684.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2696959590.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2696465564.000000000651B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: VinylStudio.exe PID: 6540, type: MEMORYSTR

            Remote Access Functionality

Source: Yara match; File source: 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2682373684.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2696959590.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000003.2696465564.000000000651B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: VinylStudio.exe PID: 6540, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 131 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 211 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Multi-hop Proxy | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 12 Process Injection | 1 Credentials In Files | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 131 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 1 Proxy | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 55 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

Source | Detection | Scanner | Label | Link
zDcNyG6Csn.exe | 42% | ReversingLabs | Win32.Trojan.Leonem |
zDcNyG6Csn.exe | 100% | Avira | TR/Dldr.Rugmi.zaxam |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\imodel.dll | 100% | Avira | TR/Dldr.Rugmi.rxflt |
C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\CES_Picture.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\StarBurn.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\fpres12-x64-0419.dll | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\imodel.dll | 50% | ReversingLabs | Win32.Trojan.Dacic |
            No Antivirus matches
            No Antivirus matches
Source | Detection | Scanner | Label | Link
https://www.alpinesoft.co.uk/forum | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/VinylStudio/request_license_key.aspx | 0% | Avira URL Cloud | safe |
http://crl.duplexsecure.com/entity.crl0 | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/VinylStudio/VinylStudio_pro.aspx | 0% | Avira URL Cloud | safe |
http://crl.grsign.com/rootca.crl0Q | 0% | Avira URL Cloud | safe |
https://%s/VinylStudio/register_partner.aspx?platform=%s&partner=%s&email=%s%s | 0% | Avira URL Cloud | safe |
https://%s/VinylStudio/register.aspx?platform=%s&partner=%s&email=%srecording_options_dialogrecordin | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/forum/index.php?topic=2567.0 | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/VinylStudio/download.aspx | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/forum/index.php?topic=725.0 | 0% | Avira URL Cloud | safe |
http://www.alpinesoft.co.uk%s/%d.%d.%d | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/contact_us.aspx | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/VinylStudio/VinylStudio_premium.aspx | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/VinylStudio/download_mac.aspx | 0% | Avira URL Cloud | safe |
http://crl.grsign.com/root.crl0Q | 0% | Avira URL Cloud | safe |
https://inivation.gitlab.io/dv/dv-docs/docs/update-firmware/ | 0% | Avira URL Cloud | safe |
https://www.alpinesoft.co.uk/forum/index.php?topic=18.0 | 0% | Avira URL Cloud | safe |
            No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://html4/loose.dtd | VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://sectigo.com/CPS0 | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ocsp.sectigo.com0 | zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.alpinesoft.co.uk/forum | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000B30000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
http://www.gimp.org/xmp/ | VinylStudio.exe, 00000004.00000003.2686047930.000000000397C000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2685827682.000000000397B000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.grsign.com/rootca.crl0Q | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.alpinesoft.co.uk/VinylStudio/request_license_key.aspx | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
https://%s/VinylStudio/register.aspx?platform=%s&partner=%s&email=%srecording_options_dialogrecordin | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.discogs.com/release/%s%s | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp | false | | high
https://beebom.com/how-to-use-light-theme-with-dark-menu-bar-and-dock-in-macos-mojave/ | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp | false | | high
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.alpinesoft.co.uk/VinylStudio/VinylStudio_pro.aspx | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
https://%s/VinylStudio/register_partner.aspx?platform=%s&partner=%s&email=%s%s | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
http://.css | VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.duplexsecure.com/entity.crl0 | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.openssl.org/support/faq.html | VinylStudio.exe, 00000004.00000003.3030745195.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://www.alpinesoft.co.uk/forum/index.php?topic=2567.0 | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.alpinesoft.co.uk/forum/index.php?topic=725.0 | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000B30000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
http://www.openssl.org/support/faq.htmlRAND | VinylStudio.exe, 00000004.00000003.3030745195.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.alpinesoft.co.uk/VinylStudio/download.aspx | VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
http://api.discogs.com/releases/%sCollection | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp | false | | high
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.alpinesoft.co.uk%s/%d.%d.%d | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
https://www.alpinesoft.co.uk/contact_us.aspx | VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000B30000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
https://www.alpinesoft.co.uk/VinylStudio/VinylStudio_premium.aspx | VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
https://www.alpinesoft.co.uk/forum/index.php?topic=18.0 | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
http://www.winimage.com/zLibDll | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004B53000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2638736749.00000000009E5000.00000002.00000001.01000000.00000005.sdmp | false | | high
https://www.alpinesoft.co.uk/VinylStudio/download_mac.aspx | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000000.2640778975.0000000000C4C000.00000002.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
http://.jpg | VinylStudio.exe, 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, VinylStudio.exe, 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://inivation.gitlab.io/dv/dv-docs/docs/update-firmware/ | zDcNyG6Csn.exe, 00000000.00000003.2631071020.00000000043B8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.grsign.com/root.crl0Q | zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004532000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# | zDcNyG6Csn.exe, 00000000.00000003.2630805664.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2631071020.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2630949044.0000000001AAF000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635111445.0000000001A85000.00000004.00000020.00020000.00000000.sdmp, zDcNyG6Csn.exe, 00000000.00000003.2635292554.0000000001AB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
89.116.191.177 | unknown | Lithuania | 15419 | LRTC-ASLT | true
77.221.149.84 | unknown | Russian Federation | 30968 | INFOBOX-ASInfoboxruAutonomousSystemRU | true
213.210.13.4 | unknown | United Kingdom | 8851 | EDGEtaGCIComGB | true
193.188.22.40 | unknown | Russian Federation | 49558 | LIVECOMM-ASRespublikanskayastr3k6RU | true
                                                    Joe Sandbox version:41.0.0 Charoite
                                                    Analysis ID:1573182
                                                    Start date and time:2024-12-11 16:16:14 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 6m 35s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:5
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:zDcNyG6Csn.exe
                                                    renamed because original name is a hash value
                                                    Original Sample Name:ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287.exe
                                                    Detection:MAL
                                                    Classification:mal100.phis.troj.spyw.evad.winEXE@3/19@0/5
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:Failed
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                    • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                    • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • VT rate limit hit for: zDcNyG6Csn.exe
Time | Type | Description
10:18:42 | API Interceptor | 98x Sleep call for process: VinylStudio.exe modified
                                                    No context
                                                    No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
INFOBOX-ASInfoboxruAutonomousSystemRU | file.exe | malicious | PureCrypter | 109.120.137.89
INFOBOX-ASInfoboxruAutonomousSystemRU | file.exe | malicious | PureCrypter | 109.120.137.89
INFOBOX-ASInfoboxruAutonomousSystemRU | USD470900_COPY_800BLHSBC882001_NOV202024.PDF.exe | malicious | Remcos, DBatLoader | 77.221.149.38
INFOBOX-ASInfoboxruAutonomousSystemRU | USD470900_COPY_800BLHSBC882001.PDF.bat | malicious | Remcos, DBatLoader | 77.221.149.38
INFOBOX-ASInfoboxruAutonomousSystemRU | YDW0S5K7hi.exe | malicious | SilverRat | 109.120.138.54
INFOBOX-ASInfoboxruAutonomousSystemRU | cDRgXaadjD.exe | malicious | SilverRat | 109.120.138.220
INFOBOX-ASInfoboxruAutonomousSystemRU | botnet.x86.elf | malicious | Mirai, Moobot | 92.243.83.22
INFOBOX-ASInfoboxruAutonomousSystemRU | boatnet.arm.elf | malicious | Mirai | 77.221.151.63
INFOBOX-ASInfoboxruAutonomousSystemRU | boatnet.mips.elf | malicious | Mirai | 77.221.151.63
INFOBOX-ASInfoboxruAutonomousSystemRU | boatnet.x86.elf | malicious | Mirai | 77.221.151.63
LRTC-ASLT | jew.arm7.elf | malicious | Mirai | 89.117.100.57
LRTC-ASLT | ET5.exe | malicious | Unknown | 89.117.55.228
LRTC-ASLT | b1.exe | malicious | PureCrypter, MicroClip | 89.117.79.31
LRTC-ASLT | b1.exe | malicious | PureCrypter, MicroClip | 89.117.79.31
LRTC-ASLT | mipsel.elf | malicious | Unknown | 84.46.252.91
LRTC-ASLT | aeI0ukq9TD.exe | malicious | Unknown | 89.117.72.231
LRTC-ASLT | 0ylPF4c3eF.exe | malicious | Unknown | 89.117.72.231
LRTC-ASLT | 0ylPF4c3eF.exe | malicious | Unknown | 89.117.72.231
LRTC-ASLT | aeI0ukq9TD.exe | malicious | Unknown | 89.117.72.231
LRTC-ASLT | apep.m68k.elf | malicious | Unknown | 89.116.194.115
EDGEtaGCIComGB | Support.Client (1).exe | malicious | ScreenConnect Tool | 185.49.126.73
EDGEtaGCIComGB | Support.Client (1).exe | malicious | ScreenConnect Tool | 185.49.126.73
EDGEtaGCIComGB | la.bot.m68k.elf | malicious | Unknown | 213.210.9.89
EDGEtaGCIComGB | la.bot.powerpc.elf | malicious | Unknown | 77.107.70.202
EDGEtaGCIComGB | fvIqrxcfuL.exe | malicious | Quasar | 89.213.56.109
EDGEtaGCIComGB | la.bot.mipsel.elf | malicious | Unknown | 89.213.146.12
EDGEtaGCIComGB | arm7.elf | malicious | Unknown | 77.107.120.22
EDGEtaGCIComGB | JnC2t6WhUf.elf | malicious | Mirai | 213.130.144.69
EDGEtaGCIComGB | mhmdm9Hb6i.elf | malicious | Mirai | 213.130.144.69
EDGEtaGCIComGB | https://t.ly/nFp5i | malicious | Unknown | 213.130.145.203
                                                    No context
                                                    No context
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):889640
                                                    Entropy (8bit):6.364493902810947
                                                    Encrypted:false
                                                    SSDEEP:24576:uY4VVLzRyDWTDeZTN2iBtbIVil8BjV5myDcOoxjpr9hVMl0d6O:uY4vzRyDWTDeZTN2iBtbIVJV5myDSvrv
                                                    MD5:83714D9AB875B4CDEA81CB3D1A426DDA
                                                    SHA1:C6CA0E5ED7F6ADC2506D266E3DC698F323996924
                                                    SHA-256:076D930CB42C204899DC3B36496A27E5F75C60AD78720BB4F37338DA4EE81A6E
                                                    SHA-512:5CF6690A9A529247EA05923B6969B757D35C3EAA3645EC4D9161EC9FF8C60FA1D177380ED341816706F75819000C237FF74334F700E335E6DBBD1D15AC106E49
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
                                                    Category:dropped
                                                    Size (bytes):3294764
                                                    Entropy (8bit):7.554270122814332
                                                    Encrypted:false
                                                    SSDEEP:98304:WSmV5gbunBDUmu80z3a70OeCSowz8y++L:WSrKndUb80WAAkzB+6
                                                    MD5:01D177688E395C53B82A379B7B908F8C
                                                    SHA1:807239BDFD727C5EF7B469B8EE16151F11F40EB3
                                                    SHA-256:7F2733EB690EAF13DD3F9D27AFE6DB6B2EFD125B513A233492F7A06B8C38BECD
                                                    SHA-512:73C86E835EC54886C78BD33340A1ACB8F7D1BEC910CFE44FF981BAD61637BD77156D8BF7326B5B397A7451EA6F94C0DCA1960D5493FE5366EB9A430FC6C25BDF
                                                    Malicious:false
                                                    Reputation:low
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:modified
                                                    Size (bytes):5855574
                                                    Entropy (8bit):7.999545017237168
                                                    Encrypted:true
                                                    SSDEEP:98304:pZRqC6MUBblcj6877bC+MnlbSyttNAlbcXRtB0nxXSc8tBFDIQFxVO5m4f0Nkuzp:pD7URlw777mRlOyVFBZtBjg5lTo
                                                    MD5:ACF212D8FEB30FB873FAED8BB7A09DD4
                                                    SHA1:B8B02BC50D8C17E76B7F27A1C4C515A2C10182C0
                                                    SHA-256:DE9C9A93D5497F079FA0B84C57B5CE0194E665B0999B01120CCB0698656CD866
                                                    SHA-512:5EB064E035E77AD072B12E8CA21519CDEAF013BF24506038D963A163C8E9A1195F79E2F86F787878BDDE6AADFA412953C4DD6721EF035A85F42CFB6D76D3BCC0
                                                    Malicious:false
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):5855352
                                                    Entropy (8bit):7.999545005212404
                                                    Encrypted:true
                                                    SSDEEP:98304:qZRqC6MUBblcj6877bC+MnlbSyttNAlbcXRtB0nxXSc8tBFDIQFxVO5m4f0Nkuzj:qD7URlw777mRlOyVFBZtBjg5lTu
                                                    MD5:AAD52F56E5B022A2BE90B2940CC0857A
                                                    SHA1:EF95A63359B01BB5696539E3D5C8A8DD454AF935
                                                    SHA-256:DE676F1EC756C6827648D867CDAF491DE155A81859EEC3253D2E68355D67DDD6
                                                    SHA-512:ED592F123A7C52569C0FB6715EE94CDABB921877A6C3F31FBF2BA979D7237160DE4D59B406E68CD51A8F6A6DAB5D563B52557F0AC250A54CD8B49E45EC22D95D
                                                    Malicious:false
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):588200
                                                    Entropy (8bit):7.049548838106319
                                                    Encrypted:false
                                                    SSDEEP:6144:XO/y/giMzI+IOyLwjiwjD2S+HGN6TWjSp8Kl9xjp4cfSuHwQBGp88MRUssCR9CDl:j/gzbn+GgTWjg8S4cfSn8GpsCD0FdS
                                                    MD5:669198EEB088EE32BBE71045858DD0D1
                                                    SHA1:D970D2E7ECF511996A30D34E80689A4520CCF931
                                                    SHA-256:3887A0042F6C2E43734359C9AD27B64CEDA8DDC3BD8B0CF8C97405C947F917D2
                                                    SHA-512:D4EB8A50A6A753E31F437E78B13275FA09B91531E3CFFFC571DF6040F54479D02D14F8C67E0DB206E99FB84085DDE152CC9AD20EE326093F97243D15C98A036B
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):9112184
                                                    Entropy (8bit):5.809706821513065
                                                    Encrypted:false
                                                    SSDEEP:196608:Bk1o1JZLTAPe+jpJm1H25okMKZeVVZ5ib8:aKnZLTAPeOJKH2akZZSVZ5iw
                                                    MD5:73979A5C684010903C2B85D78AACADED
                                                    SHA1:1826CD3575125DB232F07C1AC25C7E8483E82BC9
                                                    SHA-256:85AFAB823ADF585D8559D561C51EBB7E6BC53CF2D54CCA7898A6CB24E01355E9
                                                    SHA-512:8A3C37F41297577F5007A8E1879B2AF35BBFC9CE26C2D9705EDBC0A27EEB6DEA0DD2ECCE2338FB4CEA839DA327B4B18C4A4EB921DBFD9E3D54C1D140AE4FBAB2
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1526784
                                                    Entropy (8bit):4.95663034685677
                                                    Encrypted:false
                                                    SSDEEP:12288:c2RsPax5+phlBW9jw75hiOtOYb+bxarHmAqbCWgCgaKavYu:zTohlw9jw75wsavR
                                                    MD5:1DA0AC0C020F668D9F851D6EA2185128
                                                    SHA1:06B82F54D0725E965019CE6E255665DBCEF07FCB
                                                    SHA-256:62A0BBAA2E745F9C03A125F496ECD61922900053739826CEB5AF3CEF00FD73CB
                                                    SHA-512:62ACC5B9AB7684DC9BB378F3AECB9E81FC1AE2082C2366BBD329CA0E9FEE08FA772F62D66534BC1FCFD49F7F8203DC5B1D4979531D6962F7C47F689B909907F0
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):141461
                                                    Entropy (8bit):7.796575011484894
                                                    Encrypted:false
                                                    SSDEEP:3072:JJO3/tC/8IK3VRvXv9UQ/iksTPAgRL6jlkrrlxqMO++xqKR:JXKlRHpikWASLelkflxqMr+xqo
                                                    MD5:E6B1DE7D75D62346148FFD27107C4CED
                                                    SHA1:FB22F21237CF9D746A03A49D32ED400F170BEEA9
                                                    SHA-256:9820524D2950183143E275FEE011CAE37336AA21382D21C2017A32B990841C72
                                                    SHA-512:DDD5BCD78E7BB87D47C882D59AA578A387243DCB63A818861240C10D8F77AD1F1AF9B0A8F78046911B59EB55017B1512EB1FEDC643A8B470E43A648C34CC2A53
                                                    Malicious:false
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1594624
                                                    Entropy (8bit):5.078022258074917
                                                    Encrypted:false
                                                    SSDEEP:12288:Nh+c7O+K/lAqmqYR6D75wvaAtOYb+bxarHmAqbCWgCgaKavYNAK:T+c9uAqmz6D7u9avxK
                                                    MD5:7A2E86AAA761548DEB67202BA3BE141F
                                                    SHA1:AF0FEB19075C0C600286DA95FB4DB24A2D84895B
                                                    SHA-256:BEE2971C242A67D8F57D26CBEFEEEC020B2F9071F857AA7626C51FB87ED660A6
                                                    SHA-512:03480C448DA2C7881316F7FEFA09CE30243E78EE3300AE75E64256C44BB35F7335604D3771C97BAC63D1B8A32CEAD15460C349E6A25C21884FF6866264C84D18
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 50%
                                                    Reputation:low
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):196608
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:EF2E0D18474B2151EF5876B1E89C2F1D
                                                    SHA1:AEF9802FCF76C67D695BC77322BAE5400D3BBE82
                                                    SHA-256:3381DE4CA9F3A477F25989DFC8B744E7916046B7AA369F61A9A2F7DC0963EC9E
                                                    SHA-512:E81185705A3BD73645BF2B190BBF3AEE060C1C72F98FA39665F254A755B0A5723CE8296422874EB50C7B5E8D6BCD90175B0BA28061221039172A3F50E8902CC8
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):40960
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:AB893875D697A3145AF5EED5309BEE26
                                                    SHA1:C90116149196CBF74FFB453ECB3B12945372EBFA
                                                    SHA-256:02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
                                                    SHA-512:6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:DAA100DF6E6711906B61C9AB5AA16032
                                                    SHA1:963FF6C2D517D188014D2EF3682C4797888E6D26
                                                    SHA-256:CC61635DA46B2C9974335EA37E0B5FD660A5C8A42A89B271FA7EC2AC4B8B26F6
                                                    SHA-512:548FAEE346D6C5700BB37D3D44B593E3C343CA7DC6B564F6D3DC7BD5463FBB925765D9C6EA3065BF19F3CCF7B2E1CB5C34C908057C60B62BE866D2566C0B9393
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):106496
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):106496
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:E6FF930C3FB6DE61F664581C1A85F60C
                                                    SHA1:F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
                                                    SHA-256:CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
                                                    SHA-512:60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:DAA100DF6E6711906B61C9AB5AA16032
                                                    SHA1:963FF6C2D517D188014D2EF3682C4797888E6D26
                                                    SHA-256:CC61635DA46B2C9974335EA37E0B5FD660A5C8A42A89B271FA7EC2AC4B8B26F6
                                                    SHA-512:548FAEE346D6C5700BB37D3D44B593E3C343CA7DC6B564F6D3DC7BD5463FBB925765D9C6EA3065BF19F3CCF7B2E1CB5C34C908057C60B62BE866D2566C0B9393
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):51200
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:BF235F22DF3E004EDE21041978C24F2E
                                                    SHA1:7188972F71AEE4C62669330FF7776E48094B4D9D
                                                    SHA-256:16FA66A7DC98D93F2A4C5D20BAF5177F59C4C37FC62FACE65690C11C15FE6FF9
                                                    SHA-512:E76D7CBBAA2B3110D38425F7B579C6F94C29A162D3B4A3B9A4FEACEDE7CEC5EA5E30E455F9417A2C230390C78AB2FBC54C7B98C8F8F68955FE071C37C59D4046
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):98304
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:0A9156C4E3C48EF827980639C4D1E263
                                                    SHA1:9F13A523321C66208E90D45F87FA0CD9B370E111
                                                    SHA-256:3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
                                                    SHA-512:8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):0.017262956703125623
                                                    Encrypted:false
                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\zDcNyG6Csn.exe
                                                    File Type:7-zip archive data, version 0.4
                                                    Category:dropped
                                                    Size (bytes):10263078
                                                    Entropy (8bit):7.999981860684179
                                                    Encrypted:true
                                                    SSDEEP:196608:5MWPkBxjNhvUzWMaIrdK3nDUpvbnqD86AF+d+DXjOi:LkBxjP+xaIBK3nDURDFLDXjOi
                                                    MD5:83B144265E4FE67E630154EDA7032F16
                                                    SHA1:B377EDB28E8EE16991F84CDF38E2F5B31CB7AB54
                                                    SHA-256:EE8954369761637307516E2976D9FB9E92FC975194D12A1A47CDA561EE46CAB3
                                                    SHA-512:CEFBF2D8803D32961C7B128F46EBB57945D6112A6AB347A7D2CB2383C9A3CD1107F94823393740328EF67EE4691897CCCB15F40C0277AD5894E34D5D09CFC307
                                                    Malicious:false
                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Entropy (8bit):7.724115973851605
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:zDcNyG6Csn.exe
                                                    File size:14'840'744 bytes
                                                    MD5:71305067261ad445d787ba9b8a8f5343
                                                    SHA1:3a82a3e6b38355a78129497eb50c8ff257b963e6
                                                    SHA256:ea9c85e8d44bc5d7b98a5f6f15c0929841ebdabf62e412247b112ca21de55287
                                                    SHA512:9a4a8013c61ca3cc5e07c987f630c4e2420283a9ecc9429eefb15777969f86222913757b84285c3bcc16b9cfd20ac2a3627e8be72e07798ab5e5378b989e0b4c
                                                    SSDEEP:196608:mFSRLL6mXjJTP8MWPkBxjNhvUzWMaIrdK3nDUpvbnqD86AF+d+DXjO2:mwRFTPgkBxjP+xaIBK3nDURDFLDXjO2
                                                    TLSH:27E60102B7C24C63D5D2F6B5E583633E857ECD306B23D6C352A03E69B9346C1AE72295
                                                    Icon Hash:076179b9b9593907
                                                    Entrypoint:0x634d08
                                                    Entrypoint Section:.text
                                                    Digitally signed:true
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x66C8D56B [Fri Aug 23 18:31:07 2024 UTC]
                                                    TLS Callbacks:0x6346a5
                                                    CLR (.Net) Version:
                                                    OS Version Major:6
                                                    OS Version Minor:0
                                                    File Version Major:6
                                                    File Version Minor:0
                                                    Subsystem Version Major:6
                                                    Subsystem Version Minor:0
                                                    Import Hash:ee7e9397f1dbc886b52174ff04fc0ac1
                                                    Signature Valid:
                                                    Signature Issuer:
                                                    Signature Validation Error:
                                                    Error Number:
                                                    Not Before, Not After
                                                      Subject Chain
                                                        Version:
                                                        Thumbprint MD5:
                                                        Thumbprint SHA-1:
                                                        Thumbprint SHA-256:
                                                        Serial:
                                                        Instruction
                                                        call 00007FC0D4CD63FAh
                                                        jmp 00007FC0D4CD51AFh
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        cmp cl, 00000040h
                                                        jnc 00007FC0D4CD5347h
                                                        cmp cl, 00000020h
                                                        jnc 00007FC0D4CD5338h
                                                        shld edx, eax, cl
                                                        shl eax, cl
                                                        ret
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x31f8d0 | 0x2390 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x321c60 | 0xdc | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x32e000 | 0xae1532 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xe25600 | 0x23a8 | .reloc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe10000 | 0x1b834 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x317d00 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x317c00 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x269000 | 0x400 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x267875 | 0x267a00 | 9b47b5b51ea4bcca651e9a3f1c211e5d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x269000 | 0xba264 | 0xba400 | 9d473e51354e3ea91e1e2ce7705fa93e | False | 0.4148489932885906 | data | 5.720153487657997 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x324000 | 0x9b50 | 0x5e00 | c1311a5a6efd9de1f63ce7c9235aeb6a | False | 0.40201130319148937 | data | 5.487383010318315 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x32e000 | 0xae1532 | 0xae1600 | f6f412af5140c3dffaa14c1bab74a0b0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xe10000 | 0x1b834 | 0x1ba00 | b9704f0ec960542e56db7da82f58d6f0 | False | 0.5823759191176471 | data | 6.594914625308364 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x32e3c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.7668918918918919 |
| RT_ICON | 0x32e4f0 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 832 | English | United States | 0.6731651376146789 |
| RT_ICON | 0x32e858 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6187943262411347 |
| RT_ICON | 0x32ecc0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.5336021505376344 |
| RT_ICON | 0x32efa8 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3200 | English | United States | 0.5058641975308642 |
| RT_ICON | 0x32fc50 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.45121951219512196 |
| RT_ICON | 0x330cf8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.4768292682926829 |
| RT_ICON | 0x331360 | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 7296 | English | United States | 0.5004089422028354 |
| RT_ICON | 0x333008 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.46721991701244814 |
| RT_ICON | 0x3355b0 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2560 | English | United States | 0.33708708708708707 |
| RT_ICON | 0x336018 | 0x3228 | Device independent bitmap graphic, 64 x 128 x 24, image size 12800 | English | United States | 0.4029595015576324 |
| RT_ICON | 0x339240 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.38179026924893716 |
| RT_ICON | 0x33d468 | 0x108028 | Device independent bitmap graphic, 512 x 1024 x 32, image size 0 | English | United States | 0.0526275634765625 |
| RT_RCDATA | 0x445490 | 0x9c9a26 | data | English | United States | 1.0003108978271484 |
| RT_GROUP_ICON | 0xe0eeb8 | 0xbc | data | English | United States | 0.5851063829787234 |
| RT_VERSION | 0xe0ef74 | 0x340 | data | English | United States | 0.46634615384615385 |
| RT_MANIFEST | 0xe0f2b4 | 0x27e | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5501567398119123 |
| DLL | Import |
|---|---|
| KERNEL32.dll | LoadResource, FindResourceW, QueueUserAPC, LocalFree, DeleteCriticalSection, WideCharToMultiByte, lstrcpyW, SleepEx, GetTempFileNameW, FormatMessageA, CreateIoCompletionPort, CloseHandle, GlobalAlloc, LockResource, TerminateThread, SetEvent, GetLastError, FormatMessageW, CreateEventW, PostQueuedCompletionStatus, WaitForSingleObject, FindClose, GetTempPathW, EnumResourceNamesW, GetEnvironmentVariableW, GetQueuedCompletionStatus, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, WaitForMultipleObjects, WriteConsoleW, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetTimeZoneInformation, SetEndOfFile, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, HeapFree, GetConsoleOutputCP, EnumResourceTypesW, CreateWaitableTimerW, lstrlenW, EnterCriticalSection, SetLastError, SetWaitableTimer, FindFirstFileW, SizeofResource, CreateDirectoryW, FlushFileBuffers, HeapAlloc, GetFileSizeEx, HeapSize, HeapReAlloc, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetDriveTypeW, SetFilePointerEx, SetStdHandle, SetConsoleCtrlHandler, FreeLibraryAndExitThread, ExitThread, ExitProcess, LoadLibraryExW, RtlUnwind, InitializeSListHead, GetStartupInfoW, IsDebuggerPresent, TerminateProcess, SetUnhandledExceptionFilter, GetFileAttributesW, CreateFile2, MultiByteToWideChar, IsValidCodePage, GetACP, GetOEMCP, CreateFileA, CreateFileW, GetFileAttributesA, GetFileInformationByHandle, GetFileType, GetFullPathNameW, ReadFile, WriteFile, PeekNamedPipe, GetExitCodeProcess, Sleep, GetStdHandle, SearchPathA, DuplicateHandle, SetHandleInformation, CreatePipe, GetCurrentProcess, CreateProcessA, OpenProcess, GetProcAddress, LoadLibraryA, InitializeSRWLock, ReleaseSRWLockExclusive, ReleaseSRWLockShared, AcquireSRWLockExclusive, AcquireSRWLockShared, GetCurrentThreadId, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleExW, GetModuleHandleW, InitializeCriticalSection, ReleaseSemaphore, GetExitCodeThread, CreateSemaphoreA, VirtualFree, GetCurrentProcessId, GetSystemTimeAsFileTime, GetSystemTime, SystemTimeToFileTime, GetSystemDirectoryA, FreeLibrary, LoadLibraryW, FindNextFileW, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, GetShortPathNameW, GetModuleFileNameW, CreateEventA, CreateThread, SetThreadPriority, ResumeThread, RaiseException, GetLocaleInfoEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetStringTypeW, GetCurrentDirectoryW, FindFirstFileExW, GetFileAttributesExW, AreFileApisANSI, GetFileInformationByHandleEx, InitializeCriticalSectionEx, EncodePointer, DecodePointer, LCMapStringEx, TryAcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, CompareStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter |
| USER32.dll | MessageBoxW, MessageBoxA, GetProcessWindowStation, GetUserObjectInformationW |
| SHELL32.dll | ShellExecuteW |
| WS2_32.dll | connect, closesocket, setsockopt, recv, WSASetLastError, getservbyname, getservbyport, gethostbyaddr, shutdown, getpeername, recvfrom, inet_ntoa, inet_addr, htons, htonl, WSAGetLastError, gethostbyname, select, ntohs, getsockopt, getsockname, ioctlsocket, WSACleanup, WSAStartup, sendto, send, socket |
| SHLWAPI.dll | PathFileExistsW |
| CRYPT32.dll | CertCloseStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertDuplicateCertificateContext, CertOpenStore, CertFreeCertificateContext, CertGetCertificateContextProperty, CertOpenSystemStoreW |
| WINMM.dll | midiInGetNumDevs, midiOutLongMsg, midiOutShortMsg, midiOutUnprepareHeader, midiOutPrepareHeader, midiOutClose, midiOutOpen, midiOutGetDevCapsA, midiOutGetNumDevs, midiInOpen, midiInClose, midiInPrepareHeader, midiInReset, midiInStop, midiInStart, midiInAddBuffer, midiInUnprepareHeader, midiInGetDevCapsA |
| MFPlat.DLL | MFCreateMediaType, MFCreateSample, MFCreateMemoryBuffer, MFShutdown, MFStartup |
| ADVAPI32.dll | CryptCreateHash, CryptEnumProvidersW, CryptSignHashW, CryptDestroyHash, CryptDecrypt, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptSetHashParam, CryptReleaseContext, CryptGenRandom, DeregisterEventSource, RegisterEventSourceW, ReportEventW, CryptAcquireContextW, CryptDestroyKey |
| ole32.dll | CoCreateInstance, PropVariantClear, CoTaskMemFree, CoInitialize, CoUninitialize |
| Name | Ordinal | Address |
|---|---|---|
| ??0MidiApi@@QAE@ABV0@@Z | 1 | 0x60d0f0 |
| ??0MidiApi@@QAE@XZ | 2 | 0x60d140 |
| ??0MidiInApi@@QAE@ABV0@@Z | 3 | 0x60d190 |
| ??0MidiInApi@@QAE@I@Z | 4 | 0x60d2d0 |
| ??0MidiOutApi@@QAE@ABV0@@Z | 5 | 0x60d460 |
| ??0MidiOutApi@@QAE@XZ | 6 | 0x60d4b0 |
| ??0RtApi@@QAE@XZ | 7 | 0x602c00 |
| ??0RtAudio@@QAE@W4Api@0@$$QAV?$function@$$A6AXW4RtAudioErrorType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z | 8 | 0x602e80 |
| ??0RtMidi@@IAE@XZ | 9 | 0x60d6f0 |
| ??0RtMidi@@QAE@$$QAV0@@Z | 10 | 0x60d700 |
| ??0RtMidiError@@QAE@ABV0@@Z | 11 | 0x60d720 |
| ??0RtMidiError@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Type@0@@Z | 12 | 0x60d7a0 |
| ??0RtMidiIn@@QAE@$$QAV0@@Z | 13 | 0x60d7d0 |
| ??0RtMidiIn@@QAE@W4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z | 14 | 0x60d800 |
| ??0RtMidiOut@@QAE@$$QAV0@@Z | 15 | 0x60d970 |
| ??0RtMidiOut@@QAE@W4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 16 | 0x60d9a0 |
| ??1MidiApi@@UAE@XZ | 17 | 0x60db70 |
| ??1MidiInApi@@UAE@XZ | 18 | 0x60dbd0 |
| ??1MidiOutApi@@UAE@XZ | 19 | 0x60db70 |
| ??1RtApi@@UAE@XZ | 20 | 0x603a30 |
| ??1RtAudio@@QAE@XZ | 21 | 0x450d10 |
| ??1RtMidi@@MAE@XZ | 22 | 0x60dd40 |
| ??1RtMidiError@@UAE@XZ | 23 | 0x60dd60 |
| ??1RtMidiIn@@UAE@XZ | 24 | 0x60dd40 |
| ??1RtMidiOut@@UAE@XZ | 25 | 0x60dd40 |
| ??4MidiApi@@QAEAAV0@ABV0@@Z | 26 | 0x60de70 |
| ??4MidiInApi@@QAEAAV0@ABV0@@Z | 27 | 0x60dec0 |
| ??4MidiOutApi@@QAEAAV0@ABV0@@Z | 28 | 0x60de70 |
| ??4RtAudio@@QAEAAV0@ABV0@@Z | 29 | 0x603d90 |
| ??4RtMidiError@@QAEAAV0@ABV0@@Z | 30 | 0x60df80 |
| ??_7MidiApi@@6B@ | 31 | 0x704e48 |
| ??_7MidiInApi@@6B@ | 32 | 0x704e74 |
| ??_7MidiOutApi@@6B@ | 33 | 0x704ea8 |
| ??_7RtApi@@6B@ | 34 | 0x703794 |
| ??_7RtMidi@@6B@ | 35 | 0x704dc0 |
| ??_7RtMidiError@@6B@ | 36 | 0x704da8 |
| ??_7RtMidiIn@@6B@ | 37 | 0x704de4 |
| ??_7RtMidiOut@@6B@ | 38 | 0x704e0c |
| ??_FRtAudio@@QAEXXZ | 39 | 0x603f60 |
| ??_FRtMidiIn@@QAEXXZ | 40 | 0x60e490 |
| ??_FRtMidiOut@@QAEXXZ | 41 | 0x60e580 |
| ?MAX_SAMPLE_RATES@RtApi@@1IB | 42 | 0x7034f4 |
| ?SAMPLE_RATES@RtApi@@1QBIB | 43 | 0x7034f8 |
| ?abortStream@RtAudio@@QAE?AW4RtAudioErrorType@@XZ | 44 | 0x604800 |
| ?byteSwapBuffer@RtApi@@IAEXPADIK@Z | 45 | 0x604920 |
| ?cancelCallback@MidiInApi@@QAEXXZ | 46 | 0x60f560 |
| ?cancelCallback@RtMidiIn@@QAEXXZ | 47 | 0x60f5b0 |
| ?clearStreamInfo@RtApi@@IAEXXZ | 48 | 0x604a20 |
| ?closePort@RtMidiIn@@UAEXXZ | 49 | 0x4524b0 |
| ?closePort@RtMidiOut@@UAEXXZ | 50 | 0x4524b0 |
| ?closeStream@RtApi@@UAEXXZ | 51 | 0x4510f0 |
| ?closeStream@RtAudio@@QAEXXZ | 52 | 0x452460 |
| ?convertBuffer@RtApi@@IAEXPAD0AAUConvertInfo@1@@Z | 53 | 0x604cd0 |
| ?error@MidiApi@@QAEXW4Type@RtMidiError@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 54 | 0x6101d0 |
| ?error@RtApi@@IAE?AW4RtAudioErrorType@@W42@@Z | 55 | 0x6069e0 |
| ?formatBytes@RtApi@@IAEIK@Z | 56 | 0x606ac0 |
| ?getApiDisplayName@RtAudio@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Api@1@@Z | 57 | 0x606b30 |
| ?getApiDisplayName@RtMidi@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Api@1@@Z | 58 | 0x6102f0 |
| ?getApiName@RtAudio@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Api@1@@Z | 59 | 0x606bc0 |
| ?getApiName@RtMidi@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Api@1@@Z | 60 | 0x610380 |
| ?getCompiledApi@RtAudio@@SAXAAV?$vector@W4Api@RtAudio@@V?$allocator@W4Api@RtAudio@@@std@@@std@@@Z | 61 | 0x606c30 |
| ?getCompiledApi@RtMidi@@SAXAAV?$vector@W4Api@RtMidi@@V?$allocator@W4Api@RtMidi@@@std@@@std@@@Z | 62 | 0x6103f0 |
| ?getCompiledApiByDisplayName@RtAudio@@SA?AW4Api@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 63 | 0x606cb0 |
| ?getCompiledApiByName@RtAudio@@SA?AW4Api@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 64 | 0x606d10 |
| ?getCompiledApiByName@RtMidi@@SA?AW4Api@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 65 | 0x610470 |
| ?getCurrentApi@RtAudio@@QAE?AW4Api@1@XZ | 66 | 0x606d80 |
| ?getCurrentApi@RtMidiIn@@QAE?AW4Api@RtMidi@@XZ | 67 | 0x610530 |
| ?getCurrentApi@RtMidiOut@@QAE?AW4Api@RtMidi@@XZ | 68 | 0x610530 |
| ?getDefaultInputDevice@RtApi@@UAEIXZ | 69 | 0x606d90 |
| ?getDefaultInputDevice@RtAudio@@QAEIXZ | 70 | 0x6071c0 |
| ?getDefaultOutputDevice@RtApi@@UAEIXZ | 71 | 0x6071d0 |
| ?getDefaultOutputDevice@RtAudio@@QAEIXZ | 72 | 0x452450 |
| ?getDeviceCount@RtApi@@QAEIXZ | 73 | 0x607600 |
| ?getDeviceCount@RtAudio@@QAEIXZ | 74 | 0x452440 |
| ?getDeviceIds@RtApi@@QAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ | 75 | 0x607630 |
| ?getDeviceIds@RtAudio@@QAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ | 76 | 0x607730 |
| ?getDeviceInfo@RtApi@@QAE?AUDeviceInfo@RtAudio@@I@Z | 77 | 0x607750 |
| ?getDeviceInfo@RtAudio@@QAE?AUDeviceInfo@1@I@Z | 78 | 0x6078b0 |
| ?getDeviceNames@RtApi@@QAE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ | 79 | 0x6078d0 |
| ?getDeviceNames@RtAudio@@QAE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ | 80 | 0x6079d0 |
| ?getErrorText@RtApi@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 81 | 0x6079f0 |
| ?getErrorText@RtAudio@@QAE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 82 | 0x607a10 |
| ?getMessage@MidiInApi@@QAENPAV?$vector@EV?$allocator@E@std@@@std@@@Z | 83 | 0x610540 |
| ?getMessage@RtMidiError@@UBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 84 | 0x6105f0 |
| ?getMessage@RtMidiIn@@QAENPAV?$vector@EV?$allocator@E@std@@@std@@@Z | 85 | 0x610600 |
| ?getPortCount@RtMidiIn@@UAEIXZ | 86 | 0x4524d0 |
| ?getPortCount@RtMidiOut@@UAEIXZ | 87 | 0x4524d0 |
| ?getPortName@RtMidiIn@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z | 88 | 0x610c10 |
| ?getPortName@RtMidiOut@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z | 89 | 0x610c10 |
| ?getStreamLatency@RtApi@@QAEJXZ | 90 | 0x607a30 |
| ?getStreamLatency@RtAudio@@QAEJXZ | 91 | 0x607a60 |
| ?getStreamSampleRate@RtApi@@QAEIXZ | 92 | 0x607a90 |
| ?getStreamSampleRate@RtAudio@@QAEIXZ | 93 | 0x607ab0 |
| ?getStreamTime@RtApi@@UBENXZ | 94 | 0x607ad0 |
| ?getStreamTime@RtAudio@@QAENXZ | 95 | 0x607ae0 |
| ?getType@RtMidiError@@UBEABW4Type@1@XZ | 96 | 0x610c30 |
| ?getVersion@RtAudio@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 97 | 0x607af0 |
| ?getVersion@RtMidi@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 98 | 0x610c40 |
| ?ignoreTypes@MidiInApi@@UAEX_N00@Z | 99 | 0x610c70 |
| ?ignoreTypes@RtMidiIn@@QAEX_N00@Z | 100 | 0x610ca0 |
| ?isPortOpen@MidiApi@@QBE_NXZ | 101 | 0x611040 |
| ?isPortOpen@RtMidiIn@@UBE_NXZ | 102 | 0x611050 |
| ?isPortOpen@RtMidiOut@@UBE_NXZ | 103 | 0x611050 |
| ?isStreamOpen@RtApi@@QBE_NXZ | 104 | 0x452430 |
| ?isStreamOpen@RtAudio@@QBE_NXZ | 105 | 0x452490 |
| ?isStreamRunning@RtApi@@QBE_NXZ | 106 | 0x607b30 |
| ?isStreamRunning@RtAudio@@QBE_NXZ | 107 | 0x607b40 |
| ?openMidiApi@RtMidiIn@@IAEXW4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z | 108 | 0x6112f0 |
| ?openMidiApi@RtMidiOut@@IAEXW4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 109 | 0x611450 |
| ?openPort@RtMidiIn@@UAEXIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 110 | 0x4524a0 |
| ?openPort@RtMidiOut@@UAEXIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 111 | 0x611980 |
| ?openRtApi@RtAudio@@IAEXW4Api@1@@Z | 112 | 0x607b50 |
| ?openStream@RtApi@@QAE?AW4RtAudioErrorType@@PAUStreamParameters@RtAudio@@0KIPAIP6AHPAX2INI2@Z2PAUStreamOptions@4@@Z | 113 | 0x607c40 |
| ?openStream@RtAudio@@QAE?AW4RtAudioErrorType@@PAUStreamParameters@1@0KIPAIP6AHPAX2INI2@Z2PAUStreamOptions@1@@Z | 114 | 0x607fe0 |
| ?openVirtualPort@RtMidiIn@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 115 | 0x6119f0 |
| ?openVirtualPort@RtMidiOut@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 116 | 0x6119f0 |
| ?printMessage@RtMidiError@@UBEXXZ | 117 | 0x611a00 |
| ?probeDeviceOpen@RtApi@@MAE_NIW4StreamMode@1@IIIKPAIPAUStreamOptions@RtAudio@@@Z | 118 | 0x608500 |
| ?probeDevices@RtApi@@MAEXXZ | 119 | 0x4510f0 |
| ?sendMessage@RtMidiOut@@QAEXPBEI@Z | 120 | 0x610ca0 |
| ?sendMessage@RtMidiOut@@QAEXPBV?$vector@EV?$allocator@E@std@@@std@@@Z | 121 | 0x611c20 |
| ?setBufferSize@MidiInApi@@UAEXII@Z | 122 | 0x611c50 |
| ?setBufferSize@RtMidiIn@@UAEXII@Z | 123 | 0x611c70 |
| ?setCallback@MidiInApi@@QAEXP6AXNPAV?$vector@EV?$allocator@E@std@@@std@@PAX@Z1@Z | 124 | 0x611c80 |
| ?setCallback@RtMidiIn@@QAEXP6AXNPAV?$vector@EV?$allocator@E@std@@@std@@PAX@Z1@Z | 125 | 0x4524c0 |
| ?setClientName@RtMidi@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 126 | 0x611d60 |
| ?setConvertInfo@RtApi@@IAEXW4StreamMode@1@I@Z | 127 | 0x609df0 |
| ?setErrorCallback@MidiApi@@QAEXP6AXW4Type@RtMidiError@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAX@Z2@Z | 128 | 0x611d70 |
| ?setErrorCallback@RtApi@@QAEXV?$function@$$A6AXW4RtAudioErrorType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z | 129 | 0x60a1e0 |
| ?setErrorCallback@RtAudio@@QAEXV?$function@$$A6AXW4RtAudioErrorType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z | 130 | 0x60a250 |
| ?setErrorCallback@RtMidiIn@@UAEXP6AXW4Type@RtMidiError@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAX@Z2@Z | 131 | 0x611d90 |
| ?setErrorCallback@RtMidiOut@@UAEXP6AXW4Type@RtMidiError@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAX@Z2@Z | 132 | 0x611d90 |
| ?setPortName@RtMidi@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 133 | 0x611e10 |
| ?setStreamTime@RtApi@@UAEXN@Z | 134 | 0x60a300 |
| ?setStreamTime@RtAudio@@QAEXN@Z | 135 | 0x60a320 |
| ?showWarnings@RtApi@@QAEX_N@Z | 136 | 0x60a340 |
| ?showWarnings@RtAudio@@QAEX_N@Z | 137 | 0x60a350 |
| ?startStream@RtAudio@@QAE?AW4RtAudioErrorType@@XZ | 138 | 0x452470 |
| ?stopStream@RtAudio@@QAE?AW4RtAudioErrorType@@XZ | 139 | 0x452480 |
| ?tickStreamTime@RtApi@@IAEXXZ | 140 | 0x60a510 |
| ?what@RtMidiError@@UBEPBDXZ | 141 | 0x611f20 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-11T16:19:11.189037+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49946 | 77.221.149.84 | 443 | TCP |
| 2024-12-11T16:19:11.258928+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49947 | 89.116.191.177 | 443 | TCP |
| 2024-12-11T16:19:11.307864+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49948 | 213.210.13.4 | 443 | TCP |
| 2024-12-11T16:19:11.374390+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49949 | 193.188.22.40 | 443 | TCP |

Target ID: 0
Start time: 10:17:15
Start date: 11/12/2024
Path: C:\Users\user\Desktop\zDcNyG6Csn.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\zDcNyG6Csn.exe"
Imagebase: 0x730000
File size: 14'840'744 bytes
MD5 hash: 71305067261AD445D787BA9B8A8F5343
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 4
Start time: 10:18:04
Start date: 11/12/2024
Path: C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Programs\Advanced Vynil Studio\VinylStudio.exe"
Imagebase: 0x400000
File size: 9'112'184 bytes
MD5 hash: 73979A5C684010903C2B85D78AACADED
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2690829104.0000000006ABC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2684285072.0000000005427000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.3030223169.0000000007259000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2687682405.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.3029578609.0000000006514000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2695780673.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2688539770.00000000059CC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2694856415.0000000006511000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2689455592.00000000059C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2690264096.0000000006517000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2698406593.0000000006510000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2702181142.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2683044684.0000000005F6A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2682373684.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2682373684.00000000059C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2691547817.00000000059C2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2696959590.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2696959590.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2696465564.000000000651B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000004.00000003.2696465564.000000000651B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: low
Has exited: false

Execution Graph

Execution Coverage: 6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 1.6%
Total number of Nodes: 448
Total number of Limit Nodes: 10
2554->2544 2556 983eb5 2555->2556 2557 983e8e 2555->2557 2556->2546 2557->2556 2562 98d1c5 2557->2562 2676 97dff8 LeaveCriticalSection 2559->2676 2561 983cda 2561->2502 2563 98d245 2562->2563 2569 98d1db 2562->2569 2564 98d293 2563->2564 2566 98502c ___free_lconv_mon 2 API calls 2563->2566 2630 98d336 2564->2630 2568 98d267 2566->2568 2567 98d20e 2570 98d230 2567->2570 2578 98502c ___free_lconv_mon 2 API calls 2567->2578 2571 98502c ___free_lconv_mon 2 API calls 2568->2571 2569->2563 2569->2567 2573 98502c ___free_lconv_mon 2 API calls 2569->2573 2572 98502c ___free_lconv_mon 2 API calls 2570->2572 2574 98d27a 2571->2574 2575 98d23a 2572->2575 2577 98d203 2573->2577 2579 98502c ___free_lconv_mon 2 API calls 2574->2579 2580 98502c ___free_lconv_mon 2 API calls 2575->2580 2576 98d301 2581 98502c ___free_lconv_mon 2 API calls 2576->2581 2590 98c517 2577->2590 2583 98d225 2578->2583 2584 98d288 2579->2584 2580->2563 2585 98d307 2581->2585 2618 98c976 2583->2618 2588 98502c ___free_lconv_mon 2 API calls 2584->2588 2585->2556 2586 98d2a1 2586->2576 2589 98502c RtlFreeHeap GetLastError ___free_lconv_mon 2586->2589 2588->2564 2589->2586 2591 98c528 2590->2591 2592 98c611 2590->2592 2593 98c539 2591->2593 2594 98502c ___free_lconv_mon 2 API calls 2591->2594 2592->2567 2595 98c54b 2593->2595 2596 98502c ___free_lconv_mon 2 API calls 2593->2596 2594->2593 2597 98c55d 2595->2597 2598 98502c ___free_lconv_mon 2 API calls 2595->2598 2596->2595 2599 98c56f 2597->2599 2600 98502c ___free_lconv_mon 2 API calls 2597->2600 2598->2597 2601 98c581 2599->2601 2602 98502c ___free_lconv_mon 2 API calls 2599->2602 2600->2599 2603 98c593 2601->2603 2604 98502c ___free_lconv_mon 2 API calls 2601->2604 2602->2601 2605 98c5a5 2603->2605 2606 98502c ___free_lconv_mon 2 API calls 2603->2606 2604->2603 2607 98c5b7 2605->2607 2608 98502c ___free_lconv_mon 2 API calls 2605->2608 2606->2605 2609 98c5c9 2607->2609 2610 98502c ___free_lconv_mon 2 API calls 2607->2610 2608->2607 2611 98c5db 2609->2611 
2612 98502c ___free_lconv_mon 2 API calls 2609->2612 2610->2609 2613 98c5ed 2611->2613 2614 98502c ___free_lconv_mon 2 API calls 2611->2614 2612->2611 2615 98c5ff 2613->2615 2616 98502c ___free_lconv_mon 2 API calls 2613->2616 2614->2613 2615->2592 2617 98502c ___free_lconv_mon 2 API calls 2615->2617 2616->2615 2617->2592 2619 98c983 2618->2619 2629 98c9db 2618->2629 2620 98c993 2619->2620 2621 98502c ___free_lconv_mon 2 API calls 2619->2621 2622 98c9a5 2620->2622 2624 98502c ___free_lconv_mon 2 API calls 2620->2624 2621->2620 2623 98c9b7 2622->2623 2625 98502c ___free_lconv_mon 2 API calls 2622->2625 2626 98c9c9 2623->2626 2627 98502c ___free_lconv_mon 2 API calls 2623->2627 2624->2622 2625->2623 2628 98502c ___free_lconv_mon 2 API calls 2626->2628 2626->2629 2627->2626 2628->2629 2629->2570 2631 98d343 2630->2631 2632 98d362 2630->2632 2631->2632 2636 98ce9d 2631->2636 2632->2586 2635 98502c ___free_lconv_mon 2 API calls 2635->2632 2637 98cf7b 2636->2637 2638 98ceae 2636->2638 2637->2635 2672 98cbfc 2638->2672 2641 98cbfc 2 API calls 2642 98cec1 2641->2642 2643 98cbfc 2 API calls 2642->2643 2644 98cecc 2643->2644 2645 98cbfc 2 API calls 2644->2645 2646 98ced7 2645->2646 2647 98cbfc 2 API calls 2646->2647 2648 98cee5 2647->2648 2649 98502c ___free_lconv_mon 2 API calls 2648->2649 2650 98cef0 2649->2650 2651 98502c ___free_lconv_mon 2 API calls 2650->2651 2652 98cefb 2651->2652 2653 98502c ___free_lconv_mon 2 API calls 2652->2653 2654 98cf06 2653->2654 2655 98cbfc 2 API calls 2654->2655 2656 98cf14 2655->2656 2657 98cbfc 2 API calls 2656->2657 2658 98cf22 2657->2658 2659 98cbfc 2 API calls 2658->2659 2660 98cf33 2659->2660 2661 98cbfc 2 API calls 2660->2661 2662 98cf41 2661->2662 2663 98cbfc 2 API calls 2662->2663 2664 98cf4f 2663->2664 2665 98502c ___free_lconv_mon 2 API calls 2664->2665 2666 98cf5a 2665->2666 2667 98502c ___free_lconv_mon 2 API calls 2666->2667 2668 98cf65 2667->2668 2669 98502c ___free_lconv_mon 2 API calls 2668->2669 2670 98cf70 2669->2670 2671 
98502c ___free_lconv_mon 2 API calls 2670->2671 2671->2637 2673 98cc0e 2672->2673 2674 98cc1d 2673->2674 2675 98502c ___free_lconv_mon 2 API calls 2673->2675 2674->2641 2675->2673 2676->2561 2822 9723e9 2825 9723cf 2822->2825 2824 9723f7 2826 9723e2 2825->2826 2827 9723da 2825->2827 2826->2824 2828 98502c ___free_lconv_mon 2 API calls 2827->2828 2828->2826

                                                          Control-flow Graph

                                                           Control-flow graph for 00937B50-00937C37 (rendered graph and executed/not-executed colouring not reproduced). Basic blocks: 937b50-937b7b; 937b7d-937b7f; 937b83-937b8d; 937b93-937bae (call 964815); 937bb0-937bf8 (??0RtApi@@QAE@XZ, CoInitialize); 937bfa; 937c01-937c18 (CoCreateInstance); 937c1a-937c20; 937c22; 937c24; 937c26-937c37 (exit). Main path: 937b83 -> 937b93 -> 937bb0 -> 937c01 -> 937c24 -> 937c26; 937b83 also branches straight to 937c26.
                                                          APIs
                                                          • ??0RtApi@@QAE@XZ.ZDCNYG6CSN ref: 00937BB2
                                                          • CoInitialize.OLE32 ref: 00937BF0
                                                          • CoCreateInstance.OLE32(00A33B00,00000000,00000017,00A33B10,000001F4,?,?,00000000), ref: 00937C10
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                           • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
                                                          Similarity
                                                          • API ID: Api@@CreateInitializeInstance
                                                          • String ID:
                                                          • API String ID: 3787726353-0
                                                          • Opcode ID: c26a2f65b8fbbe0f06c18822daf6ab31ec047d13ca97f5754995c066d471db6b
                                                          • Instruction ID: 89e5bf61c198bc79e08222f7216cb34b4756601ac0ae443418230e0df64a07e5
                                                          • Opcode Fuzzy Hash: c26a2f65b8fbbe0f06c18822daf6ab31ec047d13ca97f5754995c066d471db6b
                                                          • Instruction Fuzzy Hash: 1521D5B1648356AFEB308F94D845BA6FBE8FB04B18F10456DE4559B380D7B56900CB90
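Added example (not part of the Joe Sandbox report, and not Joe Sandbox or DanaBot code): a small Python parser that turns the "APIs" and "Memory Dump Source" lines of entries like the one above into structured records, decoding the call-site address, the hex arguments (a "?" becomes None) and the .sdmp file names into base address, page protection and memory type. The .sdmp field layout used here (4th field = base address, 5th field = PAGE_* protection, 7th field = MEM_* type) is an assumption, chosen because it matches the winnt.h values seen in those names (00000020 = PAGE_EXECUTE_READ for the .text dump at 00731000, 01000000 = MEM_IMAGE); the remaining fields are left undecoded. The sample input is constructed from lines on this page.

```python
"""Parse Joe Sandbox function-entry text (APIs / Memory Dump Source) into records.

Added example; not Joe Sandbox code. The 'APIs' line grammar is inferred from
the entries on this page. The .sdmp name layout (field 4 = base address,
field 5 = PAGE_* protection, field 7 = MEM_* type) is an assumption that
matches the winnt.h constants seen in those names; other fields are not decoded.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Page protection and memory type constants from winnt.h.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE_PROTECT = {0x10, 0x20, 0x40, 0x80}

# Matches lines such as
#   "• CoCreateInstance.OLE32(00A33B00,...,00000000), ref: 00937C10"
#   "• ExitThread.KERNEL32 ref: 0096ADFE"
#   "  • Part of subcall function 00980239: ?probeDevices@RtApi@@MAEXXZ.ZDCNYG6CSN(...), ref: 0098024F"
API_RE = re.compile(
    r"^\s*[•*-]?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[^\s(]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)
# Matches ".sdmp" names anywhere in a line (also when "Download File" is glued on).
DUMP_RE = re.compile(
    r"(?P<pid>\d{8})\.\d{8}\.\d+\.(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})"
    r"\.[0-9A-Fa-f]{8}\.(?P<mtype>[0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.sdmp"
)


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str                        # "ZDCNYG6CSN" means a call inside the sample itself
    args: Tuple[Optional[int], ...]    # None where the report prints "?"
    ref: int                           # call-site address
    subcall_of: Optional[int]          # set for "Part of subcall function" lines


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    base: int
    protect: int
    mem_type: int

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect, hex(self.protect))

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, hex(self.mem_type))

    @property
    def executable(self) -> bool:
        return self.protect in EXECUTABLE_PROTECT


def _arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)


def parse_api_lines(text: str) -> List[ApiCall]:
    """Return one ApiCall per 'APIs' bullet; non-matching lines are ignored."""
    calls = []
    for line in text.splitlines():
        m = API_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(_arg(t) for t in raw.split(",")) if raw else ()
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16), sub))
    return calls


def parse_dump_lines(text: str) -> List[DumpRegion]:
    """Decode every .sdmp name in the text into a DumpRegion (assumed layout)."""
    return [DumpRegion(int(m.group("pid")), int(m.group("base"), 16),
                       int(m.group("protect"), 16), int(m.group("mtype"), 16))
            for m in DUMP_RE.finditer(text)]


def executable_regions(regions: List[DumpRegion]) -> List[int]:
    """Base addresses of dumps with executable page protection, sorted."""
    return sorted(r.base for r in regions if r.executable)


def calls_by_module(calls: List[ApiCall]) -> Counter:
    return Counter(c.module for c in calls)


# Constructed sample: lines copied from the entries on this page.
SAMPLE = """\
• ??0RtApi@@QAE@XZ.ZDCNYG6CSN ref: 00937BB2
• CoInitialize.OLE32 ref: 00937BF0
• CoCreateInstance.OLE32(00A33B00,00000000,00000017,00A33B10,000001F4,?,?,00000000), ref: 00937C10
• RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,00984112,00000001,00000364,00000007,000000FF,00000000,00000000,?,0096A65C,0000000C,?), ref: 009843EB
  • Part of subcall function 00980239: ?probeDevices@RtApi@@MAEXXZ.ZDCNYG6CSN(00000000,00000000,?,009843DD,00000000,?,00984112,00000001,00000364,00000007,000000FF,00000000,00000000,?,0096A65C,0000000C), ref: 0098024F
• Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmpDownload File
"""

if __name__ == "__main__":
    for c in parse_api_lines(SAMPLE):
        print(f"{c.ref:08X} {c.module}!{c.name} args={len(c.args)} subcall_of={c.subcall_of}")
    for r in parse_dump_lines(SAMPLE):
        print(f"{r.base:08X} {r.protect_name} {r.type_name}")
```

Running it lists the five calls and the three dump regions. executable_regions() picks out the dumps worth disassembling first (here only 00731000, the PAGE_EXECUTE_READ .text dump), and calls_by_module() separates calls that stay inside the sample (module column ZDCNYG6CSN, i.e. the sample's own RtAudio/RtMidi symbols) from real Win32 imports such as OLE32 and NTDLL.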

                                                          Control-flow Graph

                                                          APIs
                                                          • ?getCompiledApi@RtMidi@@SAXAAV?$vector@W4Api@RtMidi@@V?$allocator@W4Api@RtMidi@@@std@@@std@@@Z.ZDCNYG6CSN(00000000,E500384D), ref: 0093D899
                                                          • ?openMidiApi@RtMidiIn@@IAEXW4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ZDCNYG6CSN(?,?,?), ref: 0093D8C0
                                                          Strings
                                                          • RtMidiIn: no compiled API support found ... critical error!!, xrefs: 0093D931
                                                           Memory Dump Source
                                                           • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true (associated dumps and IDA snapshot hcaresult_0_2_730000_zDcNyG6Csn.jbxd identical to the first entry above)
                                                          Similarity
                                                          • API ID: Api@$Midi@@$MidiV?$allocator@$?get?openCompiledD@2@@std@@D@std@@In@@Midi@@@std@@@std@@@U?$char_traits@V?$basic_string@V?$vector@
                                                          • String ID: RtMidiIn: no compiled API support found ... critical error!!
                                                          • API String ID: 2804072031-2150595675
                                                          • Opcode ID: f9c83713efbb6def3a9745646c1f5251d0421a87b4bbe614c095632e1b1fbd5d
                                                          • Instruction ID: f7423c85fca20f31dcefc6e6ea31e0b9b3bb8be43f7643028f81542788fdb868
                                                          • Opcode Fuzzy Hash: f9c83713efbb6def3a9745646c1f5251d0421a87b4bbe614c095632e1b1fbd5d
                                                          • Instruction Fuzzy Hash: 544192B1A012499BDB00DFA8DD95B9EFBB8FF44314F148229F815EB391D775A904CB90

                                                          Control-flow Graph

                                                          APIs
                                                          • GetLastError.KERNEL32(00A4ECB0,0000000C), ref: 0096ADF7
                                                          • ExitThread.KERNEL32 ref: 0096ADFE
                                                          • ?probeDevices@RtApi@@MAEXXZ.ZDCNYG6CSN(00000000,00A4ECB0,0000000C), ref: 0096AE34
                                                           Memory Dump Source
                                                           • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true (associated dumps and IDA snapshot hcaresult_0_2_730000_zDcNyG6Csn.jbxd identical to the first entry above)
                                                          Similarity
                                                          • API ID: ?probeApi@@Devices@ErrorExitLastThread
                                                          • String ID:
                                                          • API String ID: 1459671897-0
                                                          • Opcode ID: 31ad41feac676ea6f931bfefc7182f80a4d0547f6fd0a7676f2c1c909622639a
                                                          • Instruction ID: bb72c3b35b8faf4663117ba89759d0895be350a76b47e91711694ccccc7393bf
                                                          • Opcode Fuzzy Hash: 31ad41feac676ea6f931bfefc7182f80a4d0547f6fd0a7676f2c1c909622639a
                                                          • Instruction Fuzzy Hash: 8DF0CD70900605AFDB01BFB4C80AB6E7B74FF84710F20454AF402AB3A2DB765902DFA2

                                                          Control-flow Graph

                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(00000000,?,0096A2A3,00000000,00984EC7,?,00000000,E500384D,00984EC7,00000000), ref: 0096A2BA
                                                          • TerminateProcess.KERNEL32(00000000,?,0096A2A3,00000000,00984EC7,?,00000000,E500384D,00984EC7,00000000), ref: 0096A2C1
                                                          • ExitProcess.KERNEL32 ref: 0096A2D3
                                                           Memory Dump Source
                                                           • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true (associated dumps and IDA snapshot hcaresult_0_2_730000_zDcNyG6Csn.jbxd identical to the first entry above)
                                                          Similarity
                                                          • API ID: Process$CurrentExitTerminate
                                                          • String ID:
                                                          • API String ID: 1703294689-0
                                                          • Opcode ID: ed667d28d6f6ba4ebd4a5aa5ff2a2b0a43ea05c6acf052a0331afd6d152b2033
                                                          • Instruction ID: 61ad24a9f3993528273366408b8e2f10362d6169e63232bad70aa06844345878
                                                          • Opcode Fuzzy Hash: ed667d28d6f6ba4ebd4a5aa5ff2a2b0a43ea05c6acf052a0331afd6d152b2033
                                                          • Instruction Fuzzy Hash: F4D09E31458109BBDF113F6DDC1D9D93F29FF85351B004056F92955031CF36A991EE81

                                                          Control-flow Graph

                                                           Control-flow graph for 0098502C-00985065 (rendered graph and executed/not-executed colouring not reproduced). Basic blocks: 98502c-985035; 985037-98504a (RtlFreeHeap); 98504c-985063 (GetLastError, call 97188f, call 97192c); 985064-985065 (exit). Paths: 98502c -> 985064 directly, or 98502c -> 985037 (RtlFreeHeap) -> 985064, or on failure 985037 -> 98504c (GetLastError) -> 985064. In the module call graph the failure path continues into __dosmaperr (node 985059), consistent with the CRT's free() wrapper mapping a failed RtlFreeHeap to errno.
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000000,00000000,?,00970736,?,?,?,0096649E,00000000,?,00000000,?,?,0077C173,?,?), ref: 00985042
                                                          • GetLastError.KERNEL32(00000000,?,00970736,?,?,?,0096649E,00000000,?,00000000,?,?,0077C173,?,?), ref: 0098504D
                                                           Memory Dump Source
                                                           • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true (associated dumps and IDA snapshot hcaresult_0_2_730000_zDcNyG6Csn.jbxd identical to the first entry above)
                                                          Similarity
                                                          • API ID: ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 485612231-0
                                                          • Opcode ID: d7b02c3e752981ebfc7f8586dbfc218ac47b48c9f1a0009b819b856733e30ef6
                                                          • Instruction ID: 5f5e98001249646c0551d958e9b23e15c0326bd201318ee11b9d2249c689609d
                                                          • Opcode Fuzzy Hash: d7b02c3e752981ebfc7f8586dbfc218ac47b48c9f1a0009b819b856733e30ef6
                                                          • Instruction Fuzzy Hash: DDE08C36114704ABCB213FA8BC0DB993A98AB40356F158025F60C8A160CB308841C7D4

                                                          Control-flow Graph

                                                           Control-flow graph for 009843AA-00984406 (rendered graph and executed/not-executed colouring not reproduced). Basic blocks: 9843aa-9843b5; 9843b7-9843c1; 9843c3-9843c9; 9843cb-9843cc; 9843ce-9843d5 (call 9828bb); 9843d7-9843e0 (call 980239); 9843e2-9843f3 (RtlAllocateHeap); 9843f5; 9843f7-984402 (call 97192c); 984404-984406 (exit). A successful RtlAllocateHeap goes 9843f5 -> 984404. On failure the path runs 9843ce (call 9828bb) and then either 9843f7 (call 97192c) -> 984404, or 9843d7 (call 980239), which loops back to 9843e2 to retry the allocation or falls through to 9843f7; i.e. the function wraps RtlAllocateHeap in a retry loop.
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,00984112,00000001,00000364,00000007,000000FF,00000000,00000000,?,0096A65C,0000000C,?), ref: 009843EB
                                                            • Part of subcall function 00980239: ?probeDevices@RtApi@@MAEXXZ.ZDCNYG6CSN(00000000,00000000,?,009843DD,00000000,?,00984112,00000001,00000364,00000007,000000FF,00000000,00000000,?,0096A65C,0000000C), ref: 0098024F
                                                           Memory Dump Source
                                                           • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true (associated dumps and IDA snapshot hcaresult_0_2_730000_zDcNyG6Csn.jbxd identical to the first entry above)
                                                          Similarity
                                                          • API ID: ?probeAllocateApi@@Devices@Heap
                                                          • String ID:
                                                          • API String ID: 1060677245-0
                                                          • Opcode ID: 765999ac178c44c9359201111be7e4f883d633253cc9bddc801eef9e8d965ef1
                                                          • Instruction ID: b715a480902cb0fc895d8dab145210de55dbcb93825abf34ed8c6b369d9ba2c9
                                                          • Opcode Fuzzy Hash: 765999ac178c44c9359201111be7e4f883d633253cc9bddc801eef9e8d965ef1
                                                          • Instruction Fuzzy Hash: ECF0E2322456276BDB217B66AD09F6A374CEF81770B258127FC08EB3A0CB34D80187E1

                                                          Control-flow Graph

                                                           Control-flow graph for 0098113B-00981165 (rendered graph and executed/not-executed colouring not reproduced). Basic blocks: 98113b-981147; 981149; 98114a-98114e; 981150-981152 (?probeDevices@RtApi@@MAEXXZ); 98115a-981160; 981162; 981163-981165 (exit). 98113b either exits directly or enters the loop 98114a -> 981150 (call) -> 98115a -> 98114a, which leaves via 981162; the ?probeDevices@RtApi@@MAEXXZ call is made once per iteration.
                                                          APIs
                                                          • ?probeDevices@RtApi@@MAEXXZ.ZDCNYG6CSN(?,00000000,?,0096A1C8,009994E8,009994EC,00A4EBB0,00000014,0096A0C6,00A4EBD0,00000008,0096A288,00984EC7,?,00000000,E500384D), ref: 00981152
                                                           Memory Dump Source
                                                           • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true (associated dumps and IDA snapshot hcaresult_0_2_730000_zDcNyG6Csn.jbxd identical to the first entry above)
                                                          Similarity
                                                          • API ID: ?probeApi@@Devices@
                                                          • String ID:
                                                          • API String ID: 2273127486-0
                                                          • Opcode ID: d2042480effc149310648e0f01c04377ebc94aac7c68c16e9109373d7c91619a
                                                          • Instruction ID: 3da0e6d36402bd654a365f7fe5856aae08037480158a54c0eb8b2d7a7826820d
                                                          • Opcode Fuzzy Hash: d2042480effc149310648e0f01c04377ebc94aac7c68c16e9109373d7c91619a
                                                          • Instruction Fuzzy Hash: 63D0EC33514028678B217B0DE8444AEB76EAEC173171A4026ED6D673108B31BD428790
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                          • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 6.0.1
                                                          • API String ID: 0-3592195760
                                                          • Opcode ID: 1f2ccd6372090e8dce22328b9558f7081fb232b7fa71dc87d237cb43b0c8f4da
                                                          • Instruction ID: eb2cbeec30998d392dea075b9ecb13c3b70bdc0f9ceaf9dd3e18f7dc4e15ce56
                                                          • Opcode Fuzzy Hash: 1f2ccd6372090e8dce22328b9558f7081fb232b7fa71dc87d237cb43b0c8f4da
                                                          • Instruction Fuzzy Hash: BBE092B14193818FD309CF24E958B12BFE0ABA6304F1686C9E4854F3A2C7B5D684CBA1

                                                          Control-flow Graph

                                                          control_flow_graph 118 9662f0-966341 call 992a2e call 9662b0 call 969bfc 125 966343-966355 118->125 126 96639d-9663a0 118->126 128 9663c0-9663c9 125->128 129 966357-96636e 125->129 127 9663a2-9663af call 969d80 126->127 126->128 133 9663b4-9663bd call 9662b0 127->133 131 966384 129->131 132 966370-96637e call 969d20 129->132 135 966387-96638c 131->135 140 966394-96639b 132->140 141 966380 132->141 133->128 135->129 138 96638e-966390 135->138 138->128 142 966392 138->142 140->133 143 966382 141->143 144 9663ca-9663d3 141->144 142->133 143->135 145 9663d5-9663dc 144->145 146 96640d-96641d call 969d60 144->146 145->146 148 9663de-9663ed call 992750 145->148 151 966431-96644d call 9662b0 call 969d40 146->151 152 96641f-96642e call 969d80 146->152 156 9663ef-966407 ?probeDevices@RtApi@@MAEXXZ 148->156 157 96640a 148->157 152->151 156->157 157->146
                                                          APIs
                                                          • _ValidateLocalCookies.LIBCMT ref: 00966327
                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0096632F
                                                          • _ValidateLocalCookies.LIBCMT ref: 009663B8
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 009663E3
                                                          • ?probeDevices@RtApi@@MAEXXZ.ZDCNYG6CSN(?,00000001), ref: 009663FC
                                                          • _ValidateLocalCookies.LIBCMT ref: 00966438
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                          • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
                                                          Similarity
                                                          • API ID: CookiesLocalValidate$?probeApi@@CurrentDevices@ImageNonwritable___except_validate_context_record
                                                          • String ID: csm
                                                          • API String ID: 127984418-1018135373
                                                          • Opcode ID: 6b217b6bff40e3574c80cd94ea30900486dcec15bd1a1d2fbacfd0ddc92ce3dd
                                                          • Instruction ID: b21311778af8e3c19d18ea59120e7546063f2a148f5bb610e55e8bf3f9f49104
                                                          • Opcode Fuzzy Hash: 6b217b6bff40e3574c80cd94ea30900486dcec15bd1a1d2fbacfd0ddc92ce3dd
                                                          • Instruction Fuzzy Hash: 7041A434A00218ABCF10DF68C895EAEBBB9FF85314F148155F914AB3A2D731E906CBD1

                                                          Control-flow Graph

                                                          control_flow_graph 163 96a2f3-96a330 GetModuleHandleExW 164 96a332-96a344 GetProcAddress 163->164 165 96a353-96a357 163->165 164->165 166 96a346-96a34b ?probeDevices@RtApi@@MAEXXZ 164->166 167 96a362-96a36f 165->167 168 96a359-96a35c FreeLibrary 165->168 166->165 168->167
                                                          APIs
                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E500384D,00000000,?,00000000,009948B0,000000FF,?,0096A2CF,00000000,?,0096A2A3,00000000), ref: 0096A328
                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0096A33A
                                                          • ?probeDevices@RtApi@@MAEXXZ.ZDCNYG6CSN(00000000,?,00000000,009948B0,000000FF,?,0096A2CF,00000000,?,0096A2A3,00000000), ref: 0096A34B
                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,009948B0,000000FF,?,0096A2CF,00000000,?,0096A2A3,00000000), ref: 0096A35C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                          • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
                                                          Similarity
                                                          • API ID: ?probeAddressApi@@Devices@FreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 735263877-1276376045
                                                          • Opcode ID: c5e92f19d91b108ba10b438cdc745bcda59d70f58ff93e4d72eecc186d53de07
                                                          • Instruction ID: b66fcd9ba2844dbe8373d93d128c2b66ead91cb57f20acfc166dd6f271983071
                                                          • Opcode Fuzzy Hash: c5e92f19d91b108ba10b438cdc745bcda59d70f58ff93e4d72eecc186d53de07
                                                          • Instruction Fuzzy Hash: 46016731914615BFDB128B58DD05FBEBBBCFB04B15F04452AF821B2290DB749900DA90

                                                          APIs
                                                          • ??0MidiInApi@@QAE@I@Z.ZDCNYG6CSN(?), ref: 00941358
                                                          • midiInGetNumDevs.WINMM ref: 00941367
                                                          Strings
                                                          • MidiInWinMM::initialize: InitializeCriticalSectionAndSpinCount failed., xrefs: 0094140F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                          • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
                                                          Similarity
                                                          • API ID: Api@@DevsMidimidi
                                                          • String ID: MidiInWinMM::initialize: InitializeCriticalSectionAndSpinCount failed.
                                                          • API String ID: 885672619-2598791086
                                                          • Opcode ID: cb5929f9316fffae55224dce1c768224e5df0ae7dc90fdfffd453de6fa02c2fa
                                                          • Instruction ID: ea5d33cd76fc40324ebe23388cca01eff5ba8e0cfd66b79df875f4482e99ab84
                                                          • Opcode Fuzzy Hash: cb5929f9316fffae55224dce1c768224e5df0ae7dc90fdfffd453de6fa02c2fa
                                                          • Instruction Fuzzy Hash: C721F4B1B00745EBDB10DF68D942BAEBBE8FF94740F00806AE8159B281EB75D900CB51
                                                          APIs
                                                          • ?getCompiledApi@RtMidi@@SAXAAV?$vector@W4Api@RtMidi@@V?$allocator@W4Api@RtMidi@@@std@@@std@@@Z.ZDCNYG6CSN(00000000,E500384D), ref: 0093DA61
                                                          Strings
                                                          • RtMidiOut: no compiled support for specified API argument!, xrefs: 0093DA2C
                                                          • RtMidiOut: no compiled API support found ... critical error!!, xrefs: 0093DB37
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                          • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
                                                          Similarity
                                                          • API ID: Api@$Midi@@$?getCompiledMidi@@@std@@@std@@@V?$allocator@V?$vector@
                                                          • String ID: RtMidiOut: no compiled support for specified API argument!$RtMidiOut: no compiled API support found ... critical error!!
                                                          • API String ID: 358961274-3477592839
                                                          • Opcode ID: 710a1f909438f3783bbace274d7d6a1cb96f19c2a84971aef34019564dfc2acb
                                                          • Instruction ID: 0903acc67864db6fe585413fe231a92ea1664519d9a571638d428693ab6729d0
                                                          • Opcode Fuzzy Hash: 710a1f909438f3783bbace274d7d6a1cb96f19c2a84971aef34019564dfc2acb
                                                          • Instruction Fuzzy Hash: 6DA1FF716016059FDB24DFA8E959BAEBBE8FF45310F10852DE456DBB80D7B4A900CF90
                                                          APIs
                                                          • ??0RtMidiIn@@QAE@W4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ZDCNYG6CSN(00000000,?,00000064), ref: 0093E51E
                                                          • ??0RtMidiOut@@QAE@W4Api@RtMidi@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.ZDCNYG6CSN(00000000,00000000,00000000), ref: 0093E602
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                          • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
                                                          Similarity
                                                          • API ID: Api@D@std@@MidiMidi@@U?$char_traits@V?$allocator@V?$basic_string@$D@2@@std@@D@2@@std@@@In@@Out@@
                                                          • String ID: ent$ient
                                                          • API String ID: 1415402396-645317203
                                                          • Opcode ID: 6730973a39faf88a2ec2172b783167b45b0d5a8ab4dc1e9152fbafd8695b4c8d
                                                          • Instruction ID: 2c48378922d06a736786f977069a8b99d21786f5721d595160b145249d27cd35
                                                          • Opcode Fuzzy Hash: 6730973a39faf88a2ec2172b783167b45b0d5a8ab4dc1e9152fbafd8695b4c8d
                                                          • Instruction Fuzzy Hash: C251D771D042499FDB05DF68D845BEEFBF8EF89314F14822AF415A7241E77066848B94
                                                          APIs
                                                          • ?error@MidiApi@@QAEXW4Type@RtMidiError@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.ZDCNYG6CSN(00000000,?), ref: 00941CAA
                                                          • ?error@MidiApi@@QAEXW4Type@RtMidiError@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.ZDCNYG6CSN(00000000,?), ref: 00941CDC
                                                          Strings
                                                          • RtMidiIn::setCallback: callback function value is invalid!, xrefs: 00941CC1
                                                          • MidiInApi::setCallback: a callback function is already set!, xrefs: 00941C8F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                          • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
                                                          Similarity
                                                          • API ID: Midi$?error@Api@@D@2@@std@@@D@std@@Error@@Type@U?$char_traits@V?$allocator@V?$basic_string@
                                                          • String ID: MidiInApi::setCallback: a callback function is already set!$RtMidiIn::setCallback: callback function value is invalid!
                                                          • API String ID: 1612408173-2957954321
                                                          • Opcode ID: 0c4326d6c31758494e22696a07103e3c657e55334e95807f3a1395f83836b84d
                                                          • Instruction ID: 358a34da98b45f39e3eca19f6b24a20fb5c92e3929c02141ecccf3fa854cde20
                                                          • Opcode Fuzzy Hash: 0c4326d6c31758494e22696a07103e3c657e55334e95807f3a1395f83836b84d
                                                          • Instruction Fuzzy Hash: 72F04432308A103BC609B73CA802F9EBB447FD2710F000409F6406B2C1CB66A856C7E6
                                                          APIs
                                                          • midiOutGetNumDevs.WINMM(E500384D,00000000,?,000000FF,?,0093DAC1), ref: 0093D570
                                                          • ?error@MidiApi@@QAEXW4Type@RtMidiError@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.ZDCNYG6CSN(00000000,?,?,?,?,?,?,?,?,000000FF,?,0093DAC1), ref: 0093D67D
                                                          Strings
                                                          • MidiOutWinMM::initialize: no MIDI output devices currently available., xrefs: 0093D58D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2641622805.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                          • Associated: 00000000.00000002.2641528730.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641894568.0000000000999000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2641992906.0000000000A54000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642047570.0000000000A57000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642102484.0000000000A58000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642130583.0000000000A5C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A5E000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000A71000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2642181865.0000000000B6E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
Similarity
• API ID: Midi$?error@Api@@D@2@@std@@@D@std@@DevsError@@Type@U?$char_traits@V?$allocator@V?$basic_string@midi
• String ID: MidiOutWinMM::initialize: no MIDI output devices currently available.
• API String ID: 3046432823-3291951039
• Opcode ID: a920b289fcb11090754580a402634522edadcd25820c6f88fb179252e3206e9f
• Instruction ID: 8cbe3c08892956cff21ab91d8fe342063327398ce5ee111cdc625ced99cfd280
• Opcode Fuzzy Hash: a920b289fcb11090754580a402634522edadcd25820c6f88fb179252e3206e9f
• Instruction Fuzzy Hash: 8451E1B0D04B428FD704CF68D81576ABBF4FF89308F10865DE4199B792EBB5A680CB90
APIs
• ?clearStreamInfo@RtApi@@IAEXXZ.ZDCNYG6CSN ref: 00937C76
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_zDcNyG6Csn.jbxd
Similarity
• API ID: ?clearApi@@Info@Stream
• String ID: yxxx
• API String ID: 871611400-3567846162
• Opcode ID: da621de1b40f16757191cd07841cb31b747cef01efbb9f1ab3006d5dd46a97b7
• Instruction ID: 61fa447efa8e1a567efd7b154da3724b500aea50b21bf18a8e320491cc1d2c15
• Opcode Fuzzy Hash: da621de1b40f16757191cd07841cb31b747cef01efbb9f1ab3006d5dd46a97b7
• Instruction Fuzzy Hash: A8113DB520C7459BC234DEA5D540B6BF6E8AF94700F44491DF99A67341EB70ED00CF91