Windows Analysis Report
5.msi

Overview

General Information

Sample name: 5.msi
Analysis ID: 1577044
MD5: 5ca4f16765f03c281a0a98f99668f283
SHA1: 08d34be9b942a09439c95ed9a2e033d613014345
SHA256: d641e6ccee2b1d1431b15d760fff343c4729dcf445f8701a5e2453d36149e719

Detection

DanaBot, Nitol
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Yara detected DanaBot stealer dll
Yara detected Nitol
AI detected suspicious sample
May use the Tor software to hide its network traffic
PE file has a writeable .text section
Tries to detect virtualization through RDTSC time measurements
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 5876 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 5580 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • CPPlayer.exe (PID: 1476 cmdline: "C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe" MD5: B39FB3CF854F8628C2F38298E0965687)
  • cleanup

Name: DanaBot
Description: Proofpoint describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. The social engineering in the low-volume DanaBot campaigns we have observed so far has been well-crafted, again pointing to a renewed focus on quality over quantity in email-based threats. DanaBot's modular nature enables it to download additional components, increasing the flexibility and robust stealing and remote monitoring capabilities of this banker.
Attribution: SCULLY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.danabot

Name: Nitol
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

No configs have been found

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DanaBot_stealer_dll | Yara detected DanaBot stealer dll | Joe Security |
00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_DanaBot_stealer_dll | Yara detected DanaBot stealer dll | Joe Security |

Source | Rule | Description | Author | Strings
3.2.CPPlayer.exe.b070000.6.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
3.2.CPPlayer.exe.b070000.6.unpack | JoeSecurity_DanaBot_stealer_dll | Yara detected DanaBot stealer dll | Joe Security |
3.2.CPPlayer.exe.b070000.6.unpack | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifcats observed in infostealers | ditekSHen |
  • 0x32cf02:$f1: FileZilla\recentservers.xml
  • 0x32cebe:$f2: FileZilla\sitemanager.xml
  • 0x35859c:$b1: Chrome\User Data\
  • 0x35f014:$b1: Chrome\User Data\
  • 0x35fb30:$b1: Chrome\User Data\
  • 0x33f68c:$b2: Mozilla\Firefox\Profiles
  • 0x3534d4:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • 0x37e384:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • 0x351ebe:$b4: Opera Software\Opera Stable\Login Data
  • 0x35866c:$b5: YandexBrowser\User Data\
  • 0x37100e:$s5: account.cfn
  • 0x35139c:$s6: wand.dat
  • 0x350e50:$a1: username_value
  • 0x357410:$a1: username_value
  • 0x3576e0:$a1: username_value
  • 0x359b94:$a1: username_value
  • 0x350e7c:$a2: password_value
  • 0x357468:$a2: password_value
  • 0x357738:$a2: password_value
  • 0x359bec:$a2: password_value
  • 0x35ac90:$a3: encryptedUsername

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Yara match, File source: 3.2.CPPlayer.exe.b070000.6.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: CPPlayer.exe PID: 1476, type: MEMORYSTR
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.9% probability
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_069923DD ?GetEncryptionID@ID3_Frame@@QBEEXZ,3_2_069923DD
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_06991E24 ?SetEncryptionID@ID3_Frame@@QAE_NE@Z,ID3Field_GetUNICODE,??0ExitTrigger@io@dami@@QAE@AAVID3_Reader@@I@Z,3_2_06991E24
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_069A1B90 ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ,?CreateIterator@ID3_Frame@@QBEPAVConstIterator@1@XZ,?GetEncryptionID@ID3_Frame@@QBEEXZ,?GetGroupingID@ID3_Frame@@QBEEXZ,?GetCompression@ID3_Frame@@QBE_NXZ,?GetSpec@ID3_Frame@@QBE?AW4ID3_V2Spec@@XZ,3_2_069A1B90
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EADC CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptAcquireContextA,CryptImportKey,CryptCreateHash,CryptHashData,CryptVerifySignatureW,CryptDecrypt,CryptDestroyHash,CryptReleaseContext,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,3_2_0B53EADC
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53F2D0 CryptAcquireContextA,CryptImportKey,CryptAcquireContextA,CryptGenKey,CryptExportKey,CryptExportKey,CryptEncrypt,CryptEncrypt,CryptEncrypt,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,CryptDestroyKey,CryptReleaseContext,3_2_0B53F2D0
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B540028 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,3_2_0B540028
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53E728 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptEncrypt,CryptEncrypt,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptImportKey,CryptSignHashA,CryptSignHashA,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,3_2_0B53E728
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53E5F0 CryptAcquireContextA,CryptGenKey,CryptExportKey,CryptExportKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,3_2_0B53E5F0
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EA5B CryptDestroyHash,3_2_0B53EA5B
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EA79 CryptReleaseContext,3_2_0B53EA79
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EA19 CryptReleaseContext,3_2_0B53EA19
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EA3D CryptDestroyKey,3_2_0B53EA3D
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B540951 CryptReleaseContext,3_2_0B540951
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B540933 CryptDestroyHash,3_2_0B540933
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53E9DD CryptDestroyKey,3_2_0B53E9DD
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53E9FB CryptDestroyHash,3_2_0B53E9FB
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53FFF0 CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,3_2_0B53FFF0
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EE4D CryptDestroyKey,3_2_0B53EE4D
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EE6B CryptDestroyHash,3_2_0B53EE6B
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EE0F CryptDestroyKey,3_2_0B53EE0F
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EE2D CryptReleaseContext,3_2_0B53EE2D
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EEEC CryptAcquireContextA,CryptImportKey,CryptAcquireContextA,CryptDecrypt,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,3_2_0B53EEEC
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B53EE89 CryptReleaseContext,3_2_0B53EE89

Compliance

Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Unpacked PE file: 3.2.CPPlayer.exe.7420000.5.unpack
Source: Binary string: d:\GS-WORK\MultiMediaKernel2.3\OUTPUT\SharpWnd.pdb, source: CPPlayer.exe, 00000003.00000002.3405865938.0000000068E1D000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\GS-WORK\Privacy Tools\Copy Protect\output\release\CPKernel.pdb source: CPPlayer.exe, 00000003.00000002.3392005395.0000000010148000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: d:\GS-WORK\MultiMediaKernel2.3\OUTPUT\SharpWnd.pdb source: CPPlayer.exe, 00000003.00000002.3405865938.0000000068E1D000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\xia\Work\Image\GImageView\Win32\Release\GImageView.pdb source: CPPlayer.exe, 00000003.00000002.3491290780.000000006B213000.00000002.00000001.01000000.0000000B.sdmp
Source: C:\Windows\System32\msiexec.exe, File opened: z:
Source: C:\Windows\System32\msiexec.exe, File opened: x:
Source: C:\Windows\System32\msiexec.exe, File opened: v:
Source: C:\Windows\System32\msiexec.exe, File opened: t:
Source: C:\Windows\System32\msiexec.exe, File opened: r:
Source: C:\Windows\System32\msiexec.exe, File opened: p:
Source: C:\Windows\System32\msiexec.exe, File opened: n:
Source: C:\Windows\System32\msiexec.exe, File opened: l:
Source: C:\Windows\System32\msiexec.exe, File opened: j:
Source: C:\Windows\System32\msiexec.exe, File opened: h:
Source: C:\Windows\System32\msiexec.exe, File opened: f:
Source: C:\Windows\System32\msiexec.exe, File opened: b:
Source: C:\Windows\System32\msiexec.exe, File opened: y:
Source: C:\Windows\System32\msiexec.exe, File opened: w:
Source: C:\Windows\System32\msiexec.exe, File opened: u:
Source: C:\Windows\System32\msiexec.exe, File opened: s:
Source: C:\Windows\System32\msiexec.exe, File opened: q:
Source: C:\Windows\System32\msiexec.exe, File opened: o:
Source: C:\Windows\System32\msiexec.exe, File opened: m:
Source: C:\Windows\System32\msiexec.exe, File opened: k:
Source: C:\Windows\System32\msiexec.exe, File opened: i:
Source: C:\Windows\System32\msiexec.exe, File opened: g:
Source: C:\Windows\System32\msiexec.exe, File opened: e:
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, File opened: c:
Source: C:\Windows\System32\msiexec.exe, File opened: a:
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Code function: 3_2_0B09368C FindFirstFileW,GetLastError,3_2_0B09368C
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, File opened: C:\Users\user\AppData
Source: global traffic, TCP traffic: 192.168.2.5:49707 -> 128.138.140.44:37
Source: global traffic, TCP traffic: 192.168.2.5:49866 -> 8.8.8.8:53
Source: Joe Sandbox View, IP Address: 128.138.140.44
Source: unknown, TCP traffic detected without corresponding DNS query: 128.138.140.44
Source: unknown, TCP traffic detected without corresponding DNS query: 23.227.178.53
Source: unknown, TCP traffic detected without corresponding DNS query: 185.174.135.68
Source: unknown, TCP traffic detected without corresponding DNS query: 148.251.107.246
Source: unknown, TCP traffic detected without corresponding DNS query: 185.81.114.227
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dblp2.uni-trier.de/rec/bib/conf/compgeom/AmentaCR03
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dl.acm.org/citation.cfm?id=2982408
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doc.cgal.org/latest/Spatial_sorting/index.html
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/1061347.1061354
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/1141911.1142016
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/1183287.1183297
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/1356682.1356683
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/142675.142747
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/1559755.1559758
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/1640443.1640444
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/1833351.1778856
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/237218.237337
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/2487228.2487237
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/2629697
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/2930662
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/566654.566590
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/77635.77639
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://doi.acm.org/10.1145/777792.777824
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1007/978-3-540-34958-7_29
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1007/978-3-540-76858-6_58
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1007/978-3-642-13411-1_18
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1007/978-3-642-24734-7_33
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1007/978-3-642-33573-0_21
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1007/BFb0014497
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1007/s00366-012-0291-9
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1016/0010-4485(78)90110-0
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1016/S0925-7721(01)00054-2
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1016/j.cad.2011.09.004
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1016/j.cad.2015.10.004
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1016/j.comgeo.2004.12.007
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1080/17445760802337010
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1093/comjnl/24.2.162
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1109/SMI.2006.21
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1111/j.1467-8659.2008.01122.x
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1111/j.1467-8659.2008.01289.x
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1111/j.1467-8659.2009.01521.x
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1111/j.1467-8659.2011.02032.x
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1111/j.1467-8659.2012.03058.x
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1137/S0036144599352836
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dx.doi.org/10.1142/S0129054102001047
                  Source: CPPlayer.exe, CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmp, CPPlayer.exe, 00000003.00000002.3477153739.000000006AD64000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr103
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006AC8D000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://relaxng.org/ns/structure/1.0
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                  Source: CPPlayer.exe, 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://sources.redhat.com/pthreads-win32/b%
                  Source: CPPlayer.exe, 00000003.00000002.3396149722.000000006248D000.00000008.00000001.01000000.0000000C.sdmpString found in binary or memory: http://sources.redhat.com/pthreads-win32/d&
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://w3.impa.br/~diego/software/rply/
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.GiliSoft.com/
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.GiliSoft.com/openU
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.gilisoft.com/cart-video-drm-protection.html
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.gilisoft.com/video-drm-protection-guide.htm
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.gilisoft.com/video-drm-protection.htm
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.gilisoft.com/webtools/any-video-encryptor/gs_anyvideoencryptor_update.html
                  Source: CPPlayer.exe, 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.id3lib.org/
                  Source: CPPlayer.exe, 00000003.00000002.3353931103.00000000033B7000.00000004.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000000.2211867648.000000000071A000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.indyproject.org/
                  Source: CPPlayer.exe, 00000003.00000003.2948135052.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3542697057.000000006E66F000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2945769001.000000007EB44000.00000004.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3396224761.0000000063469000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/V
                  Source: CPPlayer.exe, 00000003.00000002.3396224761.0000000063281000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2943095308.000000007ECF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
                  Source: CPPlayer.exe, 00000003.00000002.3396224761.0000000063281000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2943095308.000000007ECF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.htmlRAND
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://www.sciencedirect.com/science/article/pii/0010448578901100
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://dblp.org
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://dblp.org/rec/bib/journals/corr/MerigotMT17
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://download.gilisoft.com/gs/ai-toolkit.exe
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://download.gilisoft.com/gs/video-converter-discovery-edition.exe
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://gilisoft.xyz/api2022/copyprotect/drmfingerprint/
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://gilisoft.xyz/api2022/copyprotect/drmfingerprint/U
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://gilisoft.xyz/api2022/copyprotect/gcpfingerprint/
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://gilisoft.xyz/api2022/copyprotect/gcpfingerprint/U
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://gilisoft.xyz/api2022/copyprotect/gcpinvalidsn/gcpinvalidsn.json
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://gilisoft.xyz/api2022/copyprotect/uploadren.php?file_fingerprint=%s
                  Source: CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://github.com/BrunoLevy/geogram
                  Source: CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://github.com/BrunoLevy/geogram/blob/main/LICENSE
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://github.com/LoicMarechal/libMeshb
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://github.com/ocornut/imgui
                  Source: CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://github.com/pngwriter/pngwriter
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/podofo/podofo
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/podofo/podofoProducerCreatorKeywordsSubject
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://hal.inria.fr/inria-00344297
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://hal.inria.fr/inria-00344297/file/FPG_RNC8.pdf
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://sourceforge.net/u/hlbfgs/
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.download.gilisoft.com/gs/copy-protect.exe
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.download.gilisoft.com/gs/dvd-ripper.exe
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.download.gilisoft.com/gs/free-video-drm-protection.exe
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.download.gilisoft.com/gs/movie-dvd-creator.exe
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.download.gilisoft.com/gs/screen-recorder-pro.exe
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.download.gilisoft.com/gs/video-editor-pro.exe
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.download.gilisoft.com/gs/video-editor.exe
                  Source: CPPlayer.exe, CPPlayer.exe, 00000003.00000002.3392005395.0000000010135000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.gilisoft.com/webtools/drm/srprocname.htm
                  Source: CPPlayer.exe, 00000003.00000002.3392005395.0000000010135000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.gilisoft.com/webtools/drm/srprocname.htmCPKernel.dllCurlNet.dllCURL_InitCURL_FreeCURL_Ge
                  Source: CPPlayer.exe, 00000003.00000000.2212391159.0000000001140000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                  Source: CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://www.lua.org/
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.thundershare.net/upload/drmpblack/drmfingerprint/
                  Source: CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.thundershare.net/upload/drmpblack/uploadren.php?file_fingerprint=%s
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
                  Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
                  Source: CPPlayer.exe, 00000003.00000002.3409128876.0000000068FA6000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: GetRawInputData memstr_6b6ac6cb-6

                  E-Banking Fraud

                  Source: Yara match File source: 3.2.CPPlayer.exe.b070000.6.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: CPPlayer.exe PID: 1476, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Code function: 3_2_0B53EADC CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptAcquireContextA,CryptImportKey,CryptCreateHash,CryptHashData,CryptVerifySignatureW,CryptDecrypt,CryptDestroyHash,CryptReleaseContext,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext, 3_2_0B53EADC
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Code function: 3_2_0B53F2D0 CryptAcquireContextA,CryptImportKey,CryptAcquireContextA,CryptGenKey,CryptExportKey,CryptExportKey,CryptEncrypt,CryptEncrypt,CryptEncrypt,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,CryptDestroyKey,CryptReleaseContext, 3_2_0B53F2D0
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Code function: 3_2_0B53E728 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptEncrypt,CryptEncrypt,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptImportKey,CryptSignHashA,CryptSignHashA,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext, 3_2_0B53E728
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Code function: 3_2_0B53EEEC CryptAcquireContextA,CryptImportKey,CryptAcquireContextA,CryptDecrypt,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptReleaseContext, 3_2_0B53EEEC

                  System Summary

                  Source: 3.2.CPPlayer.exe.b070000.6.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                  Source: id3lib.dll.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\55060d.msi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{E53ED465-6E91-4142-800E-A06FE3C79FE1}
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC95.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\55060f.msi
                  Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\55060f.msi
                  Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe FA203E315D9CF5190DA708DEA03FF34C1DF172C992DF671AA3DB2F5513A70D76
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Code function: String function: 069CBEF0 appears 46 times
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Code function: String function: 069CA744 appears 89 times
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Code function: String function: 0B07A2F8 appears 238 times
                  Source: CPPlayer.exe.2.dr Static PE information: Resource name: FILE type: 7-zip archive data, version 0.3
                  Source: CPPlayer.exe.2.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Source: CPPlayer.exe.2.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
                  Source: SDL2.dll.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: avformat-55.dll.2.dr Static PE information: Number of sections : 11 > 10
                  Source: swscale-2.dll.2.dr Static PE information: Number of sections : 12 > 10
                  Source: pthreadGC2.dll.2.dr Static PE information: Number of sections : 16 > 10
                  Source: avutil-52.dll.2.dr Static PE information: Number of sections : 11 > 10
                  Source: swresample-0.dll.2.dr Static PE information: Number of sections : 12 > 10
                  Source: CPPlayer.exe.2.dr Static PE information: Number of sections : 11 > 10
                  Source: avcodec-55.dll.2.dr Static PE information: Number of sections : 12 > 10
                  Source: postproc-52.dll.2.dr Static PE information: Number of sections : 11 > 10
                  Source: avfilter-4.dll.2.dr Static PE information: Number of sections : 12 > 10
                  Source: CPKernel.dll.2.dr Static PE information: Number of sections : 14 > 10
                  Source: 3.2.CPPlayer.exe.b070000.6.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                  Source: classification engine Classification label: mal88.troj.evad.winMSI@4/55@0/6
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Code function: 3_2_0B2DCE20 CoCreateInstance
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CMLD12.tmp
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Mutant created: \Sessions\1\BaseNamedObjects\62914593
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF2639B1C9BE0EBAE1.TMP
                  Source: Yara match File source: 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match File source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, type: DROPPED
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe File read: C:\Users\desktop.ini
                  Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                  Source: CPPlayer.exe, CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: CPPlayer.exe, CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                  Source: CPPlayer.exe, CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                  Source: CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                  Source: 5.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
                  Source: CPPlayer.exe String found in binary or memory: t xml:space=.gif" border="0"</body> </html> overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script> /favicon.ico" />operating system" style="width:1target="_blank">State Universitytext-align:left; document.write(, including the around t
                  Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5.msi"
                  Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe "C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe"
                  Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, msi.dll, srpapi.dll, kernel.appcore.dll, tsappcmp.dll, uxtheme.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, textshaping.dll, netapi32.dll, wkscli.dll, netutils.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, gpapi.dll, cryptnet.dll, iphlpapi.dll, winnsi.dll, winhttp.dll, ondemandconnroutehelper.dll, mswsock.dll, dhcpcsvc6.dll, dhcpcsvc.dll, profapi.dll, webio.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, cabinet.dll, version.dll, mscoree.dll, msihnd.dll, pcacli.dll, mpr.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, tsappcmp.dll, userenv.dll, profapi.dll, sspicli.dll, netapi32.dll, wkscli.dll, netutils.dll, srclient.dll, spp.dll, powrprof.dll, vssapi.dll, vsstrace.dll, umpdc.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, gpapi.dll, mscoree.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, windows.storage.dll, pcacli.dll, mpr.dll, cabinet.dll
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: wsock32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: olepro32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: security.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: dwmapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: idndl.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: avformat-55.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: avcodec-55.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: avutil-52.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: avfilter-4.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: swscale-2.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: swresample-0.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: pthreadvc2.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: corem.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: corez.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: gimageview.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: pthreadgc2.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: avcodec-55.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: avutil-52.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: pthreadgc2.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: plan35.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: avutil-52.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: swresample-0.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: pthreadgc2.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: pthreadgc2.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: postproc-52.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: swresample-0.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: swscale-2.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: quserex.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: quserex.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: sdl2.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: abbugreporter.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: id3lib.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: oleacc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: avifil32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: msvfw32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: msacm32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: winmmbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: cryptui.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: pstorec.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: 5.msiStatic file information: File size 42938368 > 1048576
                  Source: Binary string: d:\GS-WORK\MultiMediaKernel2.3\OUTPUT\SharpWnd.pdb, source: CPPlayer.exe, 00000003.00000002.3405865938.0000000068E1D000.00000002.00000001.01000000.00000015.sdmp
                  Source: Binary string: D:\GS-WORK\Privacy Tools\Copy Protect\output\release\CPKernel.pdb source: CPPlayer.exe, 00000003.00000002.3392005395.0000000010148000.00000002.00000001.01000000.00000004.sdmp
                  Source: Binary string: d:\GS-WORK\MultiMediaKernel2.3\OUTPUT\SharpWnd.pdb source: CPPlayer.exe, 00000003.00000002.3405865938.0000000068E1D000.00000002.00000001.01000000.00000015.sdmp
                  Source: Binary string: D:\xia\Work\Image\GImageView\Win32\Release\GImageView.pdb source: CPPlayer.exe, 00000003.00000002.3491290780.000000006B213000.00000002.00000001.01000000.0000000B.sdmp

                  Data Obfuscation

                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeUnpacked PE file: 3.2.CPPlayer.exe.7420000.5.unpack
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069DEEC4 __decode_pointer,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,__encode_pointer,InterlockedExchange,FreeLibrary,3_2_069DEEC4
                  Source: corez.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x1e301
                  Source: pthreadVC2.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x141a8
                  Source: avcodec-55.dll.2.drStatic PE information: real checksum: 0x94b7f5 should be: 0x9507ec
                  Source: corem.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x1a4b4
                  Source: id3lib.dll.2.drStatic PE information: real checksum: 0xa1727 should be: 0x99728
                  Source: AbBugReporter.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x284f61
                  Source: CPKernel.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x33a16c
                  Source: avfilter-4.dll.2.drStatic PE information: section name: .rodata
                  Source: avfilter-4.dll.2.drStatic PE information: section name: /4
                  Source: postproc-52.dll.2.drStatic PE information: section name: /4
                  Source: avformat-55.dll.2.drStatic PE information: section name: /4
                  Source: CPPlayer.exe.2.drStatic PE information: section name: .didata
                  Source: swscale-2.dll.2.drStatic PE information: section name: .rodata
                  Source: swscale-2.dll.2.drStatic PE information: section name: /4
                  Source: avutil-52.dll.2.drStatic PE information: section name: /4
                  Source: CPKernel.dll.2.drStatic PE information: section name: .text.un
                  Source: CPKernel.dll.2.drStatic PE information: section name: .eh_fram
                  Source: CPKernel.dll.2.drStatic PE information: section name: .debug_i
                  Source: CPKernel.dll.2.drStatic PE information: section name: .debug_a
                  Source: CPKernel.dll.2.drStatic PE information: section name: .debug_l
                  Source: CPKernel.dll.2.drStatic PE information: section name: .debug_a
                  Source: CPKernel.dll.2.drStatic PE information: section name: .debug_r
                  Source: CPKernel.dll.2.drStatic PE information: section name: .debug_l
                  Source: CPKernel.dll.2.drStatic PE information: section name: .debug_s
                  Source: swresample-0.dll.2.drStatic PE information: section name: .rodata
                  Source: swresample-0.dll.2.drStatic PE information: section name: /4
                  Source: pthreadGC2.dll.2.drStatic PE information: section name: /4
                  Source: pthreadGC2.dll.2.drStatic PE information: section name: /19
                  Source: pthreadGC2.dll.2.drStatic PE information: section name: /35
                  Source: pthreadGC2.dll.2.drStatic PE information: section name: /47
                  Source: pthreadGC2.dll.2.drStatic PE information: section name: /61
                  Source: pthreadGC2.dll.2.drStatic PE information: section name: /73
                  Source: pthreadGC2.dll.2.drStatic PE information: section name: /86
                  Source: pthreadGC2.dll.2.drStatic PE information: section name: /97
                  Source: avcodec-55.dll.2.drStatic PE information: section name: .rodata
                  Source: avcodec-55.dll.2.drStatic PE information: section name: /4
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069AC671 push es; ret 3_2_069AC676
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069CA789 push ecx; ret 3_2_069CA79C
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069AC762 push es; ret 3_2_069AC766
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069AC571 push es; ret 3_2_069AC576
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069A2223 push es; ret 3_2_069A2226
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069A2331 push es; ret 3_2_069A2336
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069A20B1 push es; ret 3_2_069A20B6
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069C6F8B push ecx; ret 3_2_069C6F9E
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069AC862 push es; ret 3_2_069AC866
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069AC9B1 push es; ret 3_2_069AC9B6
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_069A1F42 push es; ret 3_2_069A1F46
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_0699FC12 push es; ret 3_2_0699FC16
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_06DC59E0 push eax; ret 3_2_06DC5A0E
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_06DDF6E0 push eax; ret 3_2_06DDF70E
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_073154E1 push ecx; ret 3_2_073154F4
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_0B0928A4 push ecx; mov dword ptr [esp], ecx3_2_0B0928A8
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_0B43DFEC push 0B43E076h; ret 3_2_0B43E06E
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_0B229FD8 push ecx; mov dword ptr [esp], eax3_2_0B229FD9
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: 3_2_0B093E6C push ecx; mov dword ptr [esp], ecx3_2_0B093E6F
                  Source: msvcr90.dll.2.drStatic PE information: section name: .text entropy: 6.92063892456726
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\swresample-0.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avutil-52.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\corem.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcm90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\SharpWnd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfc90u.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\swscale-2.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\pthreadGC2.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfcm90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\GImageView.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcr90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.Windows.Common-Controls\comctl32.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avformat-55.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\corez.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avcodec-55.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Player.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Plan35.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\id3lib.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcp90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\ImageZoom.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfc90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfcm90u.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avfilter-4.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\SDL2.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\postproc-52.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\pthreadVC2.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\AbBugReporter.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPKernel.dllJump to dropped file

                  Hooking and other Techniques for Hiding and Protection

                  Source: CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: torConnect
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeRDTSC instruction interceptor: First address: 6A8524B1 second address: 6A8524E4 instructions: 0x00000000 rdtsc 0x00000002 mov edi, eax 0x00000004 mov esi, edx 0x00000006 mov ebx, edi 0x00000008 mov ebp, esi 0x0000000a add ebx, 000003E8h 0x00000010 mov ecx, 00000001h 0x00000015 adc ebp, 00000000h 0x00000018 nop dword ptr [eax+00000000h] 0x0000001f mov eax, ecx 0x00000021 test ecx, ecx 0x00000023 jle 00007F589CFCEB59h 0x00000025 dec eax 0x00000026 pause 0x00000028 test eax, eax 0x0000002a jnle 00007F589CFCEB4Bh 0x0000002c cmp ecx, 10h 0x0000002f jnl 00007F589CFCEB54h 0x00000031 add ecx, ecx 0x00000033 rdtsc
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeRDTSC instruction interceptor: First address: 6A8524E4 second address: 6A8524E4 instructions: 0x00000000 rdtsc 0x00000002 cmp edx, esi 0x00000004 jc 00007F589C525646h 0x00000006 jnbe 00007F589C525636h 0x00000008 cmp eax, edi 0x0000000a jbe 00007F589C525640h 0x0000000c mov edi, eax 0x0000000e mov esi, edx 0x00000010 cmp edx, ebp 0x00000012 jc 00007F589C52560Ah 0x00000014 jnbe 00007F589C525636h 0x00000016 cmp eax, ebx 0x00000018 jc 00007F589C525604h 0x0000001a mov eax, ecx 0x0000001c test ecx, ecx 0x0000001e jle 00007F589C525639h 0x00000020 dec eax 0x00000021 pause 0x00000023 test eax, eax 0x00000025 jnle 00007F589C52562Bh 0x00000027 dec eax 0x00000028 pause 0x0000002a test eax, eax 0x0000002c jnle 00007F589C52562Bh 0x0000002e cmp ecx, 10h 0x00000031 jnl 00007F589C525634h 0x00000033 add ecx, ecx 0x00000035 rdtsc
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeWindow / User API: threadDelayed 739Jump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeWindow / User API: threadDelayed 1185Jump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_3-71006
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcm90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\SharpWnd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfc90u.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Player.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcp90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfcm90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\ImageZoom.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfcm90u.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfc90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcr90.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.Windows.Common-Controls\comctl32.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPKernel.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeAPI coverage: 4.1 %
                  Source: C:\Windows\System32\msiexec.exe TID: 4832Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe TID: 5880Thread sleep time: -59250s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe TID: 3160Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe TID: 612Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeLast function: Thread delayed
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_0B09368C FindFirstFileW,GetLastError,3_2_0B09368C
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_0B404934 GetSystemInfo,3_2_0B404934
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | File opened: C:\Users\user
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | File opened: C:\Users\user\AppData\Roaming
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | File opened: C:\Users\user\AppData
                  Source: CPPlayer.exe, 00000003.00000002.3392005395.0000000010135000.00000002.00000001.01000000.00000004.sdmp | Binary or memory string: VMware
                  Source: CPPlayer.exe, 00000003.00000002.3362141111.000000000703A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: CPPlayer.exe, 00000003.00000002.3392005395.0000000010135000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: {%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}szFile:%s dwCPFileType:%d szFileID:%sCP_TYPE_USB_COPYdwDeviceType:%d\\.\%C:%04X%04XszFileID:GetUSBDiskSerialNum szFileIdCheck:GetUSBDiskSerialNumALL szFileIdCheck:nMinSize:%dERROR_FILE_CPRndfpasswordchecker-%s%s.g%.2d%s%s.g%d\public\*.*\vipvip\*.*\*.*--redirectstart----redirectend----updatekanfileurlstart----updatekanfileurlend----treeupdatedatestart----treeupdatedateend----treefreerowstart----treefreerowend----treeviprowstart----treeviprowend----urlopen:--@@@--url:text:defaultieend--start--.jpg.jpeg\public\\vipvip\randomkey_nouseSYSTEM\CurrentControlSet\Services\Disk\Enum\0wmic BaseBoard get SerialNumberSerialNumberGetBaseBoardByCmd CreatePipe FailedGetBaseBoardByCmd CreateProcess FailedGetBaseBoardByCmd ReadFileFailedGetBaseBoardByCmd szBuffer 1GetBaseBoardByCmd szBuffer 2GetBaseBoardByCmd strstr Failed%.4X-harddisk\DrmVideoPlayer.cfgMainBoradMainMainBorad GetConfig Failed! Need to CreateMainborad| CP_SN_KEYCP_SN_IV%02x8.8.8.8VirtualVMware\\?\%c:https://www.gilisoft.com/webtools/drm/srprocname.htmCPKernel.dllCurlNet.dllCURL_InitCURL_FreeCURL_GetWebContentCURL_FreeBufferIsRunVideoRecorder pfnCURL_GetWebContent called sucIsRunVideoRecorder pfnCURL_GetWebContent called failedIsRunVideoRecorder pfnCURL_Init called failedIsRunVideoRecorder pfnCURL_Init load failedIsRunVideoRecorder LoadLibraryW CurlNet failedProcNameIsRunVideoRecorder appending:^p
                  Source: CPPlayer.exe, 00000003.00000002.3499434292.000000006B48D000.00000002.00000001.01000000.00000007.sdmp | Binary or memory string: xvmcidct
                  Source: CPPlayer.exe, 00000003.00000002.3520174720.000000006BAED000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: kvmncVMware Screen Codec / VMware VideoDuplicate value found in floor 1 X coordinates
                  Source: CPPlayer.exe, 00000003.00000002.3499434292.000000006B48D000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: d->log2_chroma_h <= 3d->nb_components <= 4d->name && d->name[0](d->nb_components==4 || d->nb_components==2) == !!(d->flags & (1 << 7))!c->plane && !c->step_minus1 && !c->offset_plus1 && !c->shift && !c->depth_minus1c->step_minus1 >= c->depth_minus18*(c->step_minus1+1) >= c->depth_minus1+1bayer_tmp[0] == 0 && tmp[1] == 0beyuv420pyuyv422rgb24bgr24yuv422pyuv444pyuv410pyuv411pgraymonowmonobpal8yuvj420pyuvj422pyuvj444pxvmcmcxvmcidctuyvy422uyyvyy411bgr8bgr4bgr4_bytergb8rgb4rgb4_bytenv12nv21argbabgrgray16begray16leyuv440pyuvj440pyuva420pvdpau_h264vdpau_mpeg1vdpau_mpeg2vdpau_wmv3vdpau_vc1rgb48bergb48lergb565bergb565lergb555bergb555lebgr565bebgr565lebgr555bebgr555levaapi_mocovaapi_idctvaapi_vldyuv420p16leyuv420p16beyuv422p16leyuv422p16beyuv444p16leyuv444p16bevdpau_mpeg4dxva2_vldrgb444lergb444bebgr444lebgr444begray8abgr48bebgr48leyuv420p9beyuv420p9leyuv420p10beyuv420p10leyuv422p10beyuv422p10leyuv444p9beyuv444p9leyuv444p10beyuv444p10leyuv422p9beyuv422p9levda_vldgbrpgbrp9begbrp9legbrp10begbrp10legbrp16begbrp16leyuva420p9beyuva420p9leyuva422p9beyuva422p9leyuva444p9beyuva444p9leyuva420p10beyuva420p10leyuva422p10beyuva422p10leyuva444p10beyuva444p10leyuva420p16beyuva420p16leyuva422p16beyuva422p16leyuva444p16beyuva444p16levdpauxyz12lexyz12benv16nv20lenv20beyvyu422vdargba64bergba64lebgra64bebgra64le0rgbrgb00bgrbgr0yuva444pyuva422pyuv420p12beyuv420p12leyuv420p14beyuv420p14leyuv422p12beyuv422p12leyuv422p14beyuv422p14leyuv444p12beyuv444p12leyuv444p14beyuv444p14legbrp12begbrp12legbrp14begbrp14legbrapgbrap16begbrap16leyuvj411pbayer_bggr8bayer_rggb8bayer_gbrg8bayer_grbg8bayer_bggr16lebayer_bggr16bebayer_rggb16lebayer_rggb16bebayer_gbrg16lebayer_gbrg16bebayer_grbg16lebayer_grbg16be',Ik
                  Source: CPPlayer.exe, 00000003.00000002.3520174720.000000006BAED000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: VMware Screen Codec / VMware Video
                  Source: CPPlayer.exe, 00000003.00000002.3352488675.0000000001893000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | API call chain: ExitProcess graph end node | graph_3-70969
                  Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_069C2B05 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_069C2B05
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_069DEEC4 __decode_pointer,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,__encode_pointer,InterlockedExchange,FreeLibrary,3_2_069DEEC4
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_069E39A7 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,3_2_069E39A7
                  Source: C:\Windows\System32\msiexec.exe | Process created: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe "C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe"
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_069C6D7B __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_069C6D7B
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_069C2B05 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_069C2B05
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_069C3C8B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_069C3C8B
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_0731BFE6 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0731BFE6
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_07313E6A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_07313E6A
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_07317AC4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_07317AC4
                  Source: CPPlayer.exe | Binary or memory string: Shell_TrayWnd
                  Source: CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWndTrayNotifyWndSysPagerToolbarWindow32U
                  Source: CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: explorer.exeShell_TrayWnd
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_06DC2420 cpuid 3_2_06DC2420
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,3_2_069C65E1
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,3_2_069CA520
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,3_2_069D4E16
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_069D4C86
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_069D4DDA
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: EnumSystemLocalesA,3_2_069D4D49
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_069D4D73
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_069D4AB4
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: GetLocaleInfoA,3_2_069E2AC8
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,3_2_069D4A40
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,3_2_069D4891
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_069D49A8
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_069D29FD
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,3_2_069DD79D
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: GetLocaleInfoW,3_2_069DD750
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,3_2_069DD769
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,3_2_069D3329
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,3_2_069D309E
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: GetLocaleInfoA,3_2_069D1D96
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_069DD8DC
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: GetLocaleInfoA,3_2_0731F32C
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_0B07D878
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_069D1D00 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_069D1D00
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_0B545BF8 GetTimeZoneInformation,3_2_0B545BF8
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_069AEDB0 GetVersion,CreateFileW,CreateFileA,SetFilePointer,SetEndOfFile,CloseHandle,3_2_069AEDB0
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 3.2.CPPlayer.exe.b070000.6.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: CPPlayer.exe PID: 1476, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 3.2.CPPlayer.exe.b070000.6.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: CPPlayer.exe PID: 1476, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | Code function: 3_2_0B46A720 socket,htons,inet_addr,bind,listen,closesocket,3_2_0B46A720
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
                  Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 2 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 11 Input Capture | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Multi-hop Proxy | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | 166 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 121 Security Software Discovery | SSH | Keylogging | 1 Proxy | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPKernel.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe | 4% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\GImageView.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\ImageZoom.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcm90.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcp90.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.CRT\msvcr90.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfc90.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfc90u.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfcm90.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.VC90.MFC\mfcm90u.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Microsoft.Windows.Common-Controls\comctl32.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\Player.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\SDL2.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\SharpWnd.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avfilter-4.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avformat-55.dll | 3% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avutil-52.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\corem.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\corez.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\id3lib.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\postproc-52.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\pthreadGC2.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\pthreadVC2.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\swresample-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\swscale-2.dll | 0% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                      http://doi.acm.org/10.1145/1183287.1183297CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://dblp.uni-trier.de/rec/bib/journals/comgeo/FunkeMN05CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://gilisoft.xyz/api2022/copyprotect/gcpfingerprint/CPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://dx.doi.org/10.1016/0010-4485(78)90110-0CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                        high
                                                                        http://dx.doi.org/10.1007/978-3-642-24734-7_33CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                          high
                                                                          http://www.openssl.org/support/faq.htmlCPPlayer.exe, 00000003.00000002.3396224761.0000000063281000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2943095308.000000007ECF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://github.com/podofo/podofoCPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                              high
                                                                              http://dblp.uni-trier.de/rec/bib/journals/tog/RayVAL09CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://github.com/podofo/podofoProducerCreatorKeywordsSubjectCPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                high
                                                                                http://dblp.uni-trier.de/rec/bib/journals/tog/LevyL10CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://dblp2.uni-trier.de/rec/bib/conf/compgeom/AmentaCR03CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://gilisoft.xyz/api2022/copyprotect/uploadren.php?file_fingerprint=%sCPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://doi.acm.org/10.1145/2487228.2487237CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://dblp.uni-trier.de/rec/bib/journals/tog/LiuWLSYLY09CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://dx.doi.org/10.1007/978-3-540-34958-7_29CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                  high
                                                                                  http://dblp.orgCPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                    high
                                                                                    https://www.download.gilisoft.com/gs/free-video-drm-protection.exeCPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://dblp.uni-trier.de/rec/bib/journals/tog/RayVLL08CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.GiliSoft.com/openUCPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://dblp.uni-trier.de/rec/bib/conf/wacg/Shewchuk96CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://doi.acm.org/10.1145/237218.237337CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://w3.impa.br/~diego/software/rply/CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://dx.doi.org/10.1111/j.1467-8659.2008.01289.xCPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                      high
                                                                                      https://download.gilisoft.com/gs/video-converter-discovery-edition.exeCPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://.jpgCPPlayer.exe, CPPlayer.exe, 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmp, CPPlayer.exe, 00000003.00000002.3477153739.000000006AD64000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, CPPlayer.exe, 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.thundershare.net/upload/drmpblack/uploadren.php?file_fingerprint=%sCPPlayer.exe, 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://dblp.uni-trier.de/rec/bib/journals/cgf/YanLLSW09CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://dblp.uni-trier.de/rec/bib/journals/cj/Bowyer81CPPlayer.exe, 00000003.00000002.3477153739.000000006ABAD000.00000002.00000001.01000000.0000000E.sdmp, CPPlayer.exe, 00000003.00000002.3403830935.0000000068C27000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
IP               Domain   Country                     ASN    ASN Name       Malicious
8.8.8.8          unknown  United States               15169  GOOGLEUS       false
128.138.140.44   unknown  United States               104    COLORADO-ASUS  false
185.174.135.68   unknown  Iran (ISLAMIC Republic Of)  24768  ALMOUROLTECPT  false
148.251.107.246  unknown  Germany                     24940  HETZNER-ASDE   false
185.81.114.227   unknown  United Kingdom              59711  HZ-NL-ASGB     false
23.227.178.53    unknown  United States               29802  HVC-ASUS       false
                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                        Analysis ID:1577044
                                                                                        Start date and time:2024-12-17 22:13:13 +01:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 9m 52s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:default.jbs
                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                        Number of analysed new started processes analysed:6
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:5.msi
                                                                                        Detection:MAL
                                                                                        Classification:mal88.troj.evad.winMSI@4/55@0/6
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 100%
                                                                                        HCA Information:Failed
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .msi
                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 199.232.214.172, 13.107.246.63, 172.202.163.200
                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • VT rate limit hit for: 5.msi
Time      Type             Description
16:14:12  API Interceptor  1x Sleep call for process: msiexec.exe modified
16:15:02  API Interceptor  850x Sleep call for process: CPPlayer.exe modified
22:16:38  Autostart        Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Advanced UModel Server C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe
                                                                                                                                    • 185.174.135.68
                                                                                                                                    1.e.msiGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.174.135.68
                                                                                                                                    Pedido de Cota#U00e7#U00e3o-241107.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 94.46.181.151
                                                                                                                                    HETZNER-ASDESetup.msiGet hashmaliciousVidarBrowse
                                                                                                                                    • 116.203.12.114
                                                                                                                                    https://6movies.stream/series/cobra-kai-80711/6-4/Get hashmaliciousUnknownBrowse
                                                                                                                                    • 136.243.81.150
                                                                                                                                    uEhN67huiV.dllGet hashmaliciousUnknownBrowse
                                                                                                                                    • 116.202.150.27
                                                                                                                                    JkICQ13OOY.dllGet hashmaliciousUnknownBrowse
                                                                                                                                    • 5.9.121.207
                                                                                                                                    JkICQ13OOY.dllGet hashmaliciousUnknownBrowse
                                                                                                                                    • 136.243.3.194
                                                                                                                                    https://alluc.co/watch-movies/passengers.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                    • 136.243.70.253
                                                                                                                                    https://aweitapp.com/zeng/advance/authGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                    • 144.76.181.177
                                                                                                                                    69633f.msiGet hashmaliciousVidarBrowse
                                                                                                                                    • 116.203.12.114
                                                                                                                                    236236236.elfGet hashmaliciousUnknownBrowse
                                                                                                                                    • 176.9.89.11
                                                                                                                                    dZKPE9gotO.exeGet hashmaliciousVidarBrowse
                                                                                                                                    • 116.203.12.114
                                                                                                                                    COLORADO-ASUShax.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                    • 128.138.178.201
                                                                                                                                    T8TY28UxiT.dllGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.140.44
                                                                                                                                    T8TY28UxiT.dllGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.140.44
                                                                                                                                    ExeFile (354).exeGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.140.44
                                                                                                                                    ExeFile (355).exeGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.140.44
                                                                                                                                    ExeFile (354).exeGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.141.172
                                                                                                                                    ExeFile (355).exeGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.140.44
                                                                                                                                    gUJak0onLk.elfGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.132.102
                                                                                                                                    SecuriteInfo.com.Win32.TrojanX-gen.30886.16837.exeGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.141.172
                                                                                                                                    SecuriteInfo.com.Win32.TrojanX-gen.30886.16837.exeGet hashmaliciousUnknownBrowse
                                                                                                                                    • 128.138.140.44
                                                                                                                                    HZ-NL-ASGB1.eGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.81.114.227
                                                                                                                                    1.e.msiGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.81.114.227
                                                                                                                                    1.e.msiGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.81.114.227
                                                                                                                                    JGWfssorui.dllGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.117.90.36
                                                                                                                                    ElTZP4yjRG.dllGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.117.90.36
                                                                                                                                    H6PtrbXJ9Q.dllGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.117.90.36
                                                                                                                                    JGWfssorui.dllGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.117.90.36
                                                                                                                                    ElTZP4yjRG.dllGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.117.90.36
                                                                                                                                    H6PtrbXJ9Q.dllGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.117.90.36
                                                                                                                                    Mj1o4aZG6y.dllGet hashmaliciousDanaBotBrowse
                                                                                                                                    • 185.117.90.36
                                                                                                                                    No context
Match: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe
Associated Sample Name / URL: WinIconMakerFreeSetup.msi
Detection: malicious
Threat Name: NetSupport RAT, LummaC, LummaC Stealer

Match: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPKernel.dll
Associated Sample Name / URL: WinIconMakerFreeSetup.msi
Detection: malicious
Threat Name: NetSupport RAT, LummaC, LummaC Stealer

                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:modified
                                                                                                                                        Size (bytes):15606
                                                                                                                                        Entropy (8bit):5.820363499669372
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:wg1izfpCImczelKEwXICEwXjWGqfUwptx:l1izhBmcXEw5EwPqs2
                                                                                                                                        MD5:BA3EB4D5378B237203A9CE7FE0B64944
                                                                                                                                        SHA1:1FE7613D771EC779BF8BFA72FCA22013CD2D41CC
                                                                                                                                        SHA-256:9D1B96E4D9609B57898C35ED3BD9C1612245B776396D60DDD4EEE5B9E778F0F6
                                                                                                                                        SHA-512:BCC28497C31C49879A33905EC141B6C232818C142F18774A91A79B0CB55F3E251833413EDD01DD8362CECD4FC3A588E9C22570034F65A90E7C0AA9FC697CFCB2
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):71954
                                                                                                                                        Entropy (8bit):7.996617769952133
                                                                                                                                        Encrypted:true
                                                                                                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:modified
                                                                                                                                        Size (bytes):328
                                                                                                                                        Entropy (8bit):3.2394988199912085
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6:kKvdMD9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:XjDImsLNkPlE99SNxAhUe/3
                                                                                                                                        MD5:933A511A4C7D2383A56B1A17AE9912CB
                                                                                                                                        SHA1:8F14C69AF20E051A8089D815C340990A002FBC4F
                                                                                                                                        SHA-256:2F5CEA4351B40FCC1B94D2A23F318DC0A8C34A88F9C1AB2F8EB50C8DAB70181F
                                                                                                                                        SHA-512:E0FA9835910FB27F7B9560B72F7F58437190699428C0D58FBD19ED754176630223C8A8BE5A9248162C309F5016565907B9277A7A5678FC3014D9F37BAEE8B3E1
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):2588160
                                                                                                                                        Entropy (8bit):6.849864190688053
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:0nlyP3OS3ZbP4iaYRTqxVuVx1paVU/4hhmP9ZhToNWJC:l3OS3+iaYRTNx4Q4h
                                                                                                                                        MD5:FA8E032C59ABAB6B4EEA2102EC8EC9C7
                                                                                                                                        SHA1:B33F3975B7432707CFB0029D3215BB1DB71BC7BD
                                                                                                                                        SHA-256:DA8B9F561020F36729342796BA4CE4925510AB012CE81568E8E911F15B10E2D6
                                                                                                                                        SHA-512:C6B948EB7A35B6D303ACEB456CDCF0D66E90075AF27578BCCA247AAF8060DB346BEE783656FDBADCAB182C22429539E90C87F5E6032E386A1FC2AFC156C8BBF8
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3371008
                                                                                                                                        Entropy (8bit):6.600784041027242
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:Wazpv88SP1oMK4Tce0/4j97vcT7prFOVhNHS2r:vV81oMKh/CRUTdBA
                                                                                                                                        MD5:00098438AB2CC364CE45D98902FB2B2A
                                                                                                                                        SHA1:2A88A24A659F9A7962A4B6602B96D12249D2C790
                                                                                                                                        SHA-256:BFFEA8BDB7811B3D52473C07EF2C539DCAC00DF6BCE60C7CAFEBF8C7BEEFA52B
                                                                                                                                        SHA-512:CA430AD171F53BBF3E7D670A9BA2961E3A0777ABB640FA64CB722A1EB434F4C86BB71E2B3F6BE9F1E3081E13A21FB38FB491A53134E9AC84F71C5FEC237ABF5B
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Joe Sandbox View:
• Filename: WinIconMakerFreeSetup.msi, Detection: malicious
                                                                                                                                        Reputation:low
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):18116600
                                                                                                                                        Entropy (8bit):7.746030391364501
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:393216:x3KolWrVlcIVp0+UCsXHswsiakyqTtDG5:sUI/0+n83H7Q
                                                                                                                                        MD5:B39FB3CF854F8628C2F38298E0965687
                                                                                                                                        SHA1:5931C9F88231E2CBB86010224A4D8604809E7FC7
                                                                                                                                        SHA-256:FA203E315D9CF5190DA708DEA03FF34C1DF172C992DF671AA3DB2F5513A70D76
                                                                                                                                        SHA-512:133C98145E4BC2012198593BFE23C0B3B965A69E3BEC7EAB4718832DAF9013CBE96F040ACD64EA0B1D46631EF96C1F779B7F0D5B1B5CA32C14B20C5B8995C2B2
                                                                                                                                        Malicious:true
                                                                                                                                        Yara Hits:
                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Author: Joe Security
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                        Joe Sandbox View:
                                                                                                                                        • Filename: WinIconMakerFreeSetup.msi, Detection: malicious, Browse
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3294764
                                                                                                                                        Entropy (8bit):7.285019256157027
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:49152:B3MSGT1qT/8PNjBb6D1msCZxaDUmW980pUEoZ/YwsjGfPfDy6ov6:WStT/8jWmZxaDUmu80SFZwwsifPe6c
                                                                                                                                        MD5:E40AF5AC09A8DE7545C08C7E0974B722
                                                                                                                                        SHA1:FB192236467752653D6F9B30299C614B6C63B6E2
                                                                                                                                        SHA-256:5631E834667779FBD7A4389D602E60EDFDDE67912056C7E0D8A28DCAF5E6A58F
                                                                                                                                        SHA-512:AE720D52367874AAB0D86601DCA479F48C210ED709EC98E4C154448E87A41585D434CC825EDE177162D31491919254425ADA77A03ED140ACB139B8AB86B9D812
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):556544
                                                                                                                                        Entropy (8bit):6.737042147462515
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:k8pne7BI8gmXqBWb21ZLK/9eJVobNfQv3vCJYmS2N1ss9+NowV21Xgv8pTBJ0AOn:Tne6800G49eEb7JYmXVzZ5pTr0R
                                                                                                                                        MD5:3E837B82501AA2F90CC774890656D02B
                                                                                                                                        SHA1:A62E967C006F6BF77FBE489B01EA30993E55FE5D
                                                                                                                                        SHA-256:C85CA44B1FF1AD0AF0CA3DAF5F2302498846F3FDC2F48C6C7262F08280C6F5FC
                                                                                                                                        SHA-512:A4A55FC0EF6AE87C5C73489993E2DC6E0E36F783DE79DD7894966DF3EBE13AE8341A5FE15DD0E26C72865B4A936247F34B08342769EDD0A94BA2B90164B0D27D
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):289792
                                                                                                                                        Entropy (8bit):6.636622409397246
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:QCAH/7FulSeSsCbO1nSKK6tkRe/dQ2F/gXKaghdCl51ykyRbFiUQOr3XH53C/iU:ewlXSXizRT/dV/hag7XhBJQA
                                                                                                                                        MD5:B01A100820095DC05FDAA0D1C3B5CA14
                                                                                                                                        SHA1:70AF3C7337248CD4DC8C65D5BA1D18D3FBA926B0
                                                                                                                                        SHA-256:EE7205FA96539F9D9E62F5A403A06004C6C7235B7CAEE368DCB0DB3A765C21AD
                                                                                                                                        SHA-512:883891959202294EDCEB3A6360F450182D59E097BB4B0F9FE18B5316C6591AEE04D0CD5BF01C1B23D1727B59EEEE7C148E56EEA2A7436902170993318386933A
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):5774789
                                                                                                                                        Entropy (8bit):7.999327769708052
                                                                                                                                        Encrypted:true
                                                                                                                                        SSDEEP:98304:PK6W9LYjxQ1lOB38a7APn7HG8T93gboTaEBDvKY4dDtAzSOzoa5ZJkg39Qz5TgNH:PjAOQXuun7mWlRBDP4dDw/zN5ogGze
                                                                                                                                        MD5:C8108F8BB17E1E52AAC2CB065F90C3D6
                                                                                                                                        SHA1:7D5C4E9E5ADEFB3AEF87DBD46C113E8EC1049E0B
                                                                                                                                        SHA-256:482BB90008736D173CD8E1F9ACD62FEE6FC9F14144A0312DA47E1D81D99A8A29
                                                                                                                                        SHA-512:2618A7282DFD309B68F623C7D4459581C447B8D76666BD805C8A321C5DFFE7856E0CD5B3871525F8AFA0D87DDB64647D539F6F57BB2D2044DE32406A30BCFFCA
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):524
                                                                                                                                        Entropy (8bit):5.024125169592838
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TMHdtXBFN8u3/3XO5WSN4dKF+MHlVI4gVW/wnbE0xSxHyG:2dtXD+u/eVN40+sVI4gAwngJ
                                                                                                                                        MD5:6BB5D2AAD0AE1B4A82E7DDF7CF58802A
                                                                                                                                        SHA1:70F7482F5F5C89CE09E26D745C532A9415CD5313
                                                                                                                                        SHA-256:9E0220511D4EBDB014CC17ECB8319D57E3B0FEA09681A80D8084AA8647196582
                                                                                                                                        SHA-512:3EA373DACFD3816405F6268AC05886A7DC8709752C6D955EF881B482176F0671BCDC900906FC1EBDC22E9D349F6D5A8423D19E9E7C0E6F9F16B334C68137DF2B
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright (c) Microsoft Corporation. All rights reserved. -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity.. type="win32".. name="Microsoft.VC90.CRT".. version="9.0.21022.8".. processorArchitecture="x86".. publicKeyToken="1fc8b3b9a1e18e3b".. />.. <file name="msvcr90.dll" /> <file name="msvcp90.dll" /> <file name="msvcm90.dll" />..</assembly>..
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):224768
                                                                                                                                        Entropy (8bit):6.040336415310379
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:ge7iXDX5qmzXOZc/cU4HqsKvts6tifkglMqbO0YLJbc89XTiuq5Kz3OaOyp:ge7iXVDzXOGJb5XTiuq5Kz+
                                                                                                                                        MD5:4A8BC195ABDC93F0DB5DAB7F5093C52F
                                                                                                                                        SHA1:B55A206FC91ECC3ADEDA65D286522AA69F04AC88
                                                                                                                                        SHA-256:B371AF3CE6CB5D0B411919A188D5274DF74D5EE49F6DD7B1CCB5A31466121A18
                                                                                                                                        SHA-512:197C12825EFA2747AFD10FAFE3E198C1156ED20D75BAD07984CAA83447D0C7D498EF67CEE11004232CA5D4DBBB9AE9D43BFD073002D3D0D8385476876EF48A94
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):568832
                                                                                                                                        Entropy (8bit):6.529348877830445
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:iUmYoJC//83zMHZg7/yToyvYXO84hUgiW6QR7t5C3Ooc8SHkC2eRZRzS:iUmYoO83W0y8yeO8L3Ooc8SHkC2e8
                                                                                                                                        MD5:6DE5C66E434A9C1729575763D891C6C2
                                                                                                                                        SHA1:A230E64E0A5830544A25890F70CE9C9296245945
                                                                                                                                        SHA-256:4F7ED27B532888CE72B96E52952073EAB2354160D1156924489054B7FA9B0B1A
                                                                                                                                        SHA-512:27EC83EE49B752A31A9469E17104ED039D74919A103B625A9250AC2D4D8B8601034D8B3E2FA87AADBAFBDB89B01C1152943E8F9A470293CC7D62C2EEFA389D2C
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):655872
                                                                                                                                        Entropy (8bit):6.890160476095281
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:whr4UCeaHTA80gIZ4BgmOEGVN9vtI0E5uO9FAOu8axTFmRyyrRzS:ga2g5gmO791I0E5uO9FANpmRyyg
                                                                                                                                        MD5:E7D91D008FE76423962B91C43C88E4EB
                                                                                                                                        SHA1:29268EF0CD220AD3C5E9812BEFD3F5759B27A266
                                                                                                                                        SHA-256:ED0170D3DE86DA33E02BFA1605EEC8FF6010583481B1C530843867C1939D2185
                                                                                                                                        SHA-512:C3D5DA1631860C92DECF4393D57D8BFF0C7A80758C9B9678D291B449BE536465BDA7A4C917E77B58A82D1D7BFC1F4B3BEE9216D531086659C40C41FEBCDCAE92
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):548
                                                                                                                                        Entropy (8bit):5.016046602668665
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TMHdtXBFN8u3/3XO5WSN4dKF+nVI4gVW/wnbEJRxJ0xoxF2G:2dtXD+u/eVN40+nVI4gAwnAt
                                                                                                                                        MD5:CE3AB3BD3FF80FCE88DCB0EA3D48A0C9
                                                                                                                                        SHA1:C6BA2C252C6D102911015D0211F6CAB48095931C
                                                                                                                                        SHA-256:F7205C5C0A629D0CC60E30E288E339F08616BE67B55757D4A403A2B54E23922B
                                                                                                                                        SHA-512:211E247EA82458FD68BCC91A6731E9E3630A9D5901F4BE4AF6099AD15A90CAF2826E14846951FDD7D3B199994FD3AC97CA9E325CF0DFEB9474AEA9B0D6339DD3
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright (c) Microsoft Corporation. All rights reserved. -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity.. type="win32".. name="Microsoft.VC90.MFC".. version="9.0.21022.8".. processorArchitecture="x86".. publicKeyToken="1fc8b3b9a1e18e3b".. />.. <file name="mfc90.dll" /> <file name="mfc90u.dll" /> <file name="mfcm90.dll" /> <file name="mfcm90u.dll" />..</assembly>..
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1156600
                                                                                                                                        Entropy (8bit):6.52546095742681
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:HMh/PZa3TrShmbjRbf/zxUK4BpifCqY5TcB2sQL+XmDOl:HMh/PZa3HTjtFUKwhqY5TcyL+XmE
                                                                                                                                        MD5:462DDCC5EB88F34AED991416F8E354B2
                                                                                                                                        SHA1:6F4DBB36A8E7E594E12A2A9ED4B71AF0FAA762C1
                                                                                                                                        SHA-256:287BD98054C5D2C4126298EE50A2633EDC745BC76A1CE04E980F3ECC577CE943
                                                                                                                                        SHA-512:35D21E545CE6436F5E70851E0665193BB1C696F61161145C92025A090D09E08F28272CBF1E271FF62FF31862544025290E22B15A7ACDE1AEA655560300EFE1EC
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1162744
                                                                                                                                        Entropy (8bit):6.531289155070338
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:ACmuzoNEIkc0FV/IvA+hJpHgbe18MVc/AKDbZOUWJGLaDenEKH:AC9zoNEIkbFV/IvA+hJyq1FVc/FDbZOQ
                                                                                                                                        MD5:B9030D821E099C79DE1C9125B790E2DA
                                                                                                                                        SHA1:79189E6F7887CA8F41FB17603BD9C2D46180EFCF
                                                                                                                                        SHA-256:E30AABB518361FBEAF8068FFC786845EE84ABBF1F71AE7D2733A11286531595A
                                                                                                                                        SHA-512:2E1EBCBE595C5A1FE09F5933D4BA190081EF343EA313725BB0F8FCBF98079A091AB8C0465EF437B310A1753FFC2D48D9D70EC80D773E7919A6485EF730E93EA1
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):59904
                                                                                                                                        Entropy (8bit):6.049630833293433
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:kXS5hxqhOz9XNpOb/AXVuips6Pm550971BVO5nkcwo5ArrwlyQ6mrCHrO1MquTSU:kC/IMZHO0lu+s60VwvrrDmrCrO1HuTR
                                                                                                                                        MD5:D4E7C1546CF3131B7D84B39F8DA9E321
                                                                                                                                        SHA1:6B096858723C76848B85D63B4DA334299BECED5B
                                                                                                                                        SHA-256:C4243BA85C2D130B4DEC972CD291916E973D9D60FAC5CEEA63A01837ECC481C2
                                                                                                                                        SHA-512:4383E2BC34B078819777DA73F1BD4A88B367132E653A7226ED73F43E4387ED32E8C2BCAFD8679EF5E415F0B63422DB05165A9E794F055AA8024FE3E7CABC66B9
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):59904
                                                                                                                                        Entropy (8bit):6.048382351359956
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:Q2q4fSp3W9sHSIeXNKIv3dJcZqXIq9BVO5nOC6u58rrYlyQRvVFtTiO1lqNkdZ:9TqpwsH1eTJWZv6FrrsNFtmO1oNk
                                                                                                                                        MD5:371226B8346F29011137C7AA9E93F2F6
                                                                                                                                        SHA1:485DE5A0CA0564C12EACC38D1B39F5EF5670A2E2
                                                                                                                                        SHA-256:5B08FE55E4BBF2FBFD405E2477E023137CFCEB4D115650A5668269C03300A8F8
                                                                                                                                        SHA-512:119A5E16E3A3F2FF0B5ACB6B5D5777997102A3CAE00D48C0F8921DF5818F5FBDA036974E23C6F77A6B9380C6A1065372E70F8D4E665DFD37E5F90EB27DB7420C
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1054208
                                                                                                                                        Entropy (8bit):6.044183195357732
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:eQ/l0cg4oP3iFxiu7iojd3Gp6Yv4aiBjYUnApVccsafw32+pNmU8c6f8VPtXobJq:eQAl/iFiODBjYUApVQafw32+mQ6x
                                                                                                                                        MD5:2E641E9DF345D202726EB2DAF9D3F453
                                                                                                                                        SHA1:325740FE6A4F7A968F0839126ADB1706D11697F0
                                                                                                                                        SHA-256:B4C2DD5DA4BA9CC4AA79CDEF49C1C0E54E8E38C087A068970E59947269A9C070
                                                                                                                                        SHA-512:F2457243BD9D49E0C523727B6DC6DB3B1B8BF98BB866CB20C3B14207E72BEF0865D56798D06A818FB4F6BB63F884EE489354D53F01B8EB1FE62E8E30D9624DB5
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):33215232
                                                                                                                                        Entropy (8bit):6.66877578017908
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:196608:N70MMHGdy7csP3/ei6iRLXVbVdmRK8stiXitxV41cU5Gy4bi3o7j9Z3zBmP2k0Lk:NYMxdy7Cgl/Q1nGv/zBfkMFGx
                                                                                                                                        MD5:549D30B19C8D8EEC01A9CD763D4DF4E7
                                                                                                                                        SHA1:9F34281FDEC1DC0E921B0562FD993C41186C9352
                                                                                                                                        SHA-256:A2899A971B0D1824A4B1D613CC7887E08B42CEE79259F98458C3DCCF48A0C07F
                                                                                                                                        SHA-512:B6280D118D861BAC85E12E86C7A3F2231F660DD47EFDDF14E46EF0FE54EF44F20C1730AF56AA678816C16BC7EC8822FEB00B9528D3C5915444F1DE5FBDF3C115
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):86528
                                                                                                                                        Entropy (8bit):6.527182020988479
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:19Ahrkl6eZrkmEWyUJGrHbP7ITIqVdDVpEdCPO5+L1:19Ahr7qESKAIm3cD501
                                                                                                                                        MD5:08C68E4121CEEAC71745015BF17126CC
                                                                                                                                        SHA1:103792AB800377092AABEFBF4B94D0A882AFDC3C
                                                                                                                                        SHA-256:E18254DD1E074EB57971D91AB62502611DEE96ABA1203F2B21810D8D0E761B3A
                                                                                                                                        SHA-512:D66C9DB8A876260F4B86604DD71A52B72DD91D79B7D1DA711C45577B0DDDBDA8E46802F6184C2CD63A202F58CDB04D51DA865968B7B203B8C5C2A76A8CFB5BCE
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1213440
                                                                                                                                        Entropy (8bit):6.47694118217518
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:F696vOhH+P+yOpO4wDV6uRpjOeeIMIEqGa+dAGGQI/uGJy4d5CWVM86g0:496vOhH+P+yOpO4wDV6uRpjOeeIMIEqW
                                                                                                                                        MD5:71E603E402AFD0FDBA84A781C9934446
                                                                                                                                        SHA1:B3A529F7E470E478A77404846D17C1AD2FF017CB
                                                                                                                                        SHA-256:5FF3186465A347CE8A13991FDB659F77EE21AE5DC9813B9FB2AADAFDA8A86491
                                                                                                                                        SHA-512:45ABA98B564E4C18BC8FCCB71AD4CF1F03770A916C074C1CBF8546F1385DBA6E041C67FD870F792A5EEC233B8D19BBBE4C4D047015266AC5C060CAF037AF9C28
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):287744
                                                                                                                                        Entropy (8bit):6.271270315552561
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:TWqIAbKFrnrlZy7y3aXkNdCLuSulFN3glY82NoSf:SvrlaXkCKSwFN3glHQ
                                                                                                                                        MD5:A555F73041756D249093A1D6A6F28448
                                                                                                                                        SHA1:BC75A0047342FB157047C19193C02A8149187656
                                                                                                                                        SHA-256:2AD9292C875CB8B71A437B0DA803D07867D2ED8DEAE4568F2BE1F623755D5B60
                                                                                                                                        SHA-512:CB2166FCF3A73E60FEF9B90102F6ABA3A913CC0E84CA0A5C4CD43C52D21AD1696040215B302D2A46D61599024679CB2477FDAFFEDCC88396AE9C7FF1C649C84D
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):5775011
                                                                                                                                        Entropy (8bit):7.999328066568721
                                                                                                                                        Encrypted:true
                                                                                                                                        SSDEEP:98304:mK6W9LYjxQ1lOB38a7APn7HG8T93gboTaEBDvKY4dDtAzSOzoa5ZJkg39Qz5TgNU:mjAOQXuun7mWlRBDP4dDw/zN5ogGzd
                                                                                                                                        MD5:2743147E3321961C8449C4463CE6C3B5
                                                                                                                                        SHA1:D8AC6E09D80BF4F86F5D953B5AC625B5AB8F1B20
                                                                                                                                        SHA-256:D0CC2876B0A67AA186682DA1E578C6E6468AA582885AA92B1D040406E4F3C516
                                                                                                                                        SHA-512:3104C1D8636C87FDE5CAA0A716A9DB0B3F977F40251922B7ACC9A01215275B248B1DABB6F7361011D4985023EC2260324A9FE0195D1F6EADD12D36870AF3D6DC
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):9717774
                                                                                                                                        Entropy (8bit):6.773312577885227
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:196608:tUC2EPKYUAH82wGvGd7o2WqM6+45Laq3YIfpGpP/bMrVdB:5nq3YIfpGp7M1
                                                                                                                                        MD5:3A39D1828226C2E5BAB3BF43BC133170
                                                                                                                                        SHA1:2BF8B48BF4B082D4E3ACC8F8AE520E3AF4EF92EE
                                                                                                                                        SHA-256:BFC082B9EE7CAECD23556ED8327841D33A13B101D91A154DFC7F1FEE17B2035C
                                                                                                                                        SHA-512:9FE767F3B1DD460EDAB013BD8F612F1672DAF9D2BC161FF43859EB11188EFD780EAE59A8D52B8AE01FA234C1ED56417388F1F3E2734D4872C4094FDE3DBB3114
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1584654
                                                                                                                                        Entropy (8bit):6.348416935689602
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24576:uoWHEfvAxkRiBFA+/Yay3a1NDJp2Vlot6Wi7wIshL7+zSOeFZNrAsQU:X8xRBus7xYot6W+wj5izSOef
                                                                                                                                        MD5:6B007BEDABAA20FB6D445BC62F1091D3
                                                                                                                                        SHA1:D3905661051C4415AC92BD5492100A5F2DF6F659
                                                                                                                                        SHA-256:BFC20232C4ECF4AECE403D005624C82A64A2D54D5D84720341DC6D45B3522BA5
                                                                                                                                        SHA-512:7B0CB0959434437F31AB3E6DF721BE412DE003979F19A66D3855EE4C87FE8A79D5CC4B42E6CF453BE9289575854D2176D2BFFF88A9308F5AB9F0895C0A899CFA
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):3170318
                                                                                                                                        Entropy (8bit):6.410742258925418
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:98304:23Ic2MMwvA3DH/dMOTEOBevA/y7uvCInBIfOpZogtGN:24c2MjvkDHFMOTEOBevuy7uvCInBIG3q
                                                                                                                                        MD5:FB9763AC3B3F51551B4A77E833C395FB
                                                                                                                                        SHA1:9A3F8E9225F214B31B4E703FE428B0537A7CAC63
                                                                                                                                        SHA-256:C0FB1896EE5838E9F8BD1E4495367BAFFA0E71AA2D3785944D5B470F29AEC53A
                                                                                                                                        SHA-512:6EECDF0D290E259FCB1C8AA9DA5F3CA32F760C9039B84B11F40B63B39B1119152BDE54D2C6E1C7D0A1AF9F64C6A340501F934000A2F3E232612F525DD9B0C7FD
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):335374
                                                                                                                                        Entropy (8bit):6.472519507095433
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:VKvkCbK3qvkQRbWNZ3b5wPWBRjpmD/CiPTiD99XsxWQdPVrHB517SFYC:5CbQqMmyPb5wWptvFYC
                                                                                                                                        MD5:F832D24B70A2F4583C57A5FA9B6F0D68
                                                                                                                                        SHA1:092CE5CB6BFE6EADDE62C4CFB911EAB2474196F8
                                                                                                                                        SHA-256:67A0F7D47CEFF1407B9C4851032346A9B81A75FEE6569274F15D092610F04CDC
                                                                                                                                        SHA-512:41048C023871B485718AE219F0D79BBE01A0704F8D2107D68EAD2262E3F66737718AFBB636B02109D1A2B427AAB04DD394EF82D8014298FA3FDEE0C61BFAB185
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):53248
                                                                                                                                        Entropy (8bit):4.818742253433189
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:y7Utp1RlHkGRRrvT/DvV601kUBwr4uw9FBYasokoJW:ywr1RldvT/D9609BA4uwfzmoJW
                                                                                                                                        MD5:71F601F8151E34EF31307AB4E46E902D
                                                                                                                                        SHA1:1F3D312E2F4755B7F2DECCA1DEDB91BC795288EA
                                                                                                                                        SHA-256:DEAC6221D0ABE480012E836E5E9DD915828AE55401F0C46FB7CE8049C380C698
                                                                                                                                        SHA-512:377E6C9540616CAD77CF151A31F6461338910D441A12B26175D8BCC2020EBA83F621B0DF1756123B58FB4358786FCB6A3E187AF11123F100A91255218A616AA9
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):94208
                                                                                                                                        Entropy (8bit):5.6917375635264955
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:+GmWuWvx+4pDmX45es09TK02Oeq52xN9ok:7mWvtEz2xN9ok
                                                                                                                                        MD5:355F1B97CAD97743A8E70DD2803E2F9D
                                                                                                                                        SHA1:C7C12BC74483874CBDD39343D149509BE355C2D9
                                                                                                                                        SHA-256:00D4986DFFF92CFDD45576DA9100D49F374A8DBA1A476CFC8DC7CF50F5A6735F
                                                                                                                                        SHA-512:EB7F8D7B68AB01A95DE5AAD0023FC4C51C3828138610B488C92CA3AB5C320305F295467972B542C7FE436D08E21BA7926A997702E4383CE5F4CBC674F62479B7
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):625928
                                                                                                                                        Entropy (8bit):5.943922372365406
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:w4+0+cgqiMSIZutobarH4MsPVoXB6D+P1zispXAo4tU:w4KtobarYpPsBK+P1FXtwU
                                                                                                                                        MD5:7D967ABA252063B5464F82C432FE65D0
                                                                                                                                        SHA1:BDBCA54BE3155391C671C5FB57B137E3C47FA8F0
                                                                                                                                        SHA-256:A197A25A0A10DD378B0BB8632BE8ECB84438E111225E9E132E2C1D26C13F55F6
                                                                                                                                        SHA-512:FED63E1E94B241DFA1860E69D8A8DC647F1F2FD0ACD800EDC3D98788CBB40A9EA683524529C79295ECE90C4C88DB5AD5F4FE51249117E6D8FB2DD9ADB5C5766F
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):189454
                                                                                                                                        Entropy (8bit):6.28380517882515
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:mxxxxRxRw6fxxxxRxRw6RIqWaa6aa66vumpaGaa6aa66v+ism5V1+lr74YkSFx5I:mxxxxRxRw6fxxxxRxRw6lWaa6aa66vuL
                                                                                                                                        MD5:F75D1B175E1687EE0A9B9E4A7ABD123B
                                                                                                                                        SHA1:026F4DB79AA8DB651964ACF17233302D1809DE1E
                                                                                                                                        SHA-256:72180A408B13B7D98C0BC2395B886A5C3AA0B2DEA39EF081E193F60EF373365F
                                                                                                                                        SHA-512:200AEC20C95B1EC2E7D1BB33ED89D846A128847B82C9D09AA2788B258967E750718414F05BDEC0CF2E4F9C7AF697404E19CACCAC354A1A62DB52E76C6A45886B
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):70598
                                                                                                                                        Entropy (8bit):5.27556266441527
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:C+Sg9oMF5bqgRePiHyYelXevOzWAPehIt2uhZD:C49oI5bqliHyYcudAPehIt2Q5
                                                                                                                                        MD5:6F346D712C867CF942D6B599ADB61081
                                                                                                                                        SHA1:24D942DFC2D0C7256C50B80204BB30F0D98B887A
                                                                                                                                        SHA-256:72E6C8DD77FA7E10A7B05EF6C3E21D3F7E4147301B0BF6E416B2D33D4E19A9C3
                                                                                                                                        SHA-512:1F95A211D5DD3E58D4E2682F6BF2C5380B230E9907E2882097B77B99520CD2C788F43AD2ABCCE617DD8DED0043E4EF1C8B6E083C44688B23109868E6CDD2364C
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):45056
                                                                                                                                        Entropy (8bit):4.21823111580972
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:W6E5etE/YrPfUMH+R/6NNzRUOI0havjIAGRdqMKHWjFYeOphngA9iHy2J0+:WpI+/QfU3N6NNR/atUfid9iHyY0+
                                                                                                                                        MD5:54AEDDC619EED2FAEEE9533D58F778B9
                                                                                                                                        SHA1:CA9D723B87E0C688450B34F2A606C957391FBBF4
                                                                                                                                        SHA-256:EE15E6E3F82C48461EB638C1EA11019AE9E3E303E067E879115C6272139026E7
                                                                                                                                        SHA-512:7CEC39F32804109B3D502027D1EC42A594C1E4A2D93512195C60BD41AAD7E32A8B0EB21A0EE859FECB403EE939EEBC4608D9D27A4002B8C282DE32F696136506
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):103950
                                                                                                                                        Entropy (8bit):6.433058397429001
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:qxSmku/WFRj1jqPgBUmLnMw+OC7l+NTvZ0:mSmkRFxE/Aw4Tm
                                                                                                                                        MD5:77BCEB240F65C91D26299A334A0CF8E1
                                                                                                                                        SHA1:DE9D588A25252D9660FE0247508EADFA6F8A7834
                                                                                                                                        SHA-256:D179C01C646D821CF745AE5E66FFC7ED394A61A595ECC2BCCF27DC144BA91A2C
                                                                                                                                        SHA-512:B380B592C39FD22302FC4A36AA6F773A79253230F0DD73AD129500654DBDF24C5A0B0AE3B2A4FFD762DA4F9705A0C8E48AD4372D85CDB6271C5D3F315C82A281
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):501774
                                                                                                                                        Entropy (8bit):6.520048996955215
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:gQW0ZFEpf1cIwAn2iBn5iCnFibtjFqBXkNzlfqS9BcGWxcjxQzPkoTMkcOpeGNVA:JtxqBXkNBqSAxexBGNVXw
                                                                                                                                        MD5:2985C39796FB4A5F4357A1A7A134AD45
                                                                                                                                        SHA1:305DC537A03E0137A529DC30BFD2FC6C185402A3
                                                                                                                                        SHA-256:4F17B1CEEA162390F64F54A3D13DE4BB9E553DA1E51AE7061545B7843DDAD9CA
                                                                                                                                        SHA-512:4764DBF01DEFE417D587ADBEE16901BF374E0548D4A00F4F977F058DBE00C54712FD25162E1BF1986B55521CC2F005E7ED8E78DB15E6CABFDDC6B6924EC423B8
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Network RPM Ultimate, Author: Brooks Internet Software, Inc., Keywords: Installer, Comments: This installer database contains the logic and data required to install Network RPM Ultimate., Template: Intel;1033, Revision Number: {BA80CBCF-0924-4E9E-98DE-172FF4F64F2A}, Create Time/Date: Thu Dec 12 21:50:16 2024, Last Saved Time/Date: Thu Dec 12 21:50:16 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):42938368
                                                                                                                                        Entropy (8bit):7.999201867831205
                                                                                                                                        Encrypted:true
                                                                                                                                        SSDEEP:786432:dbVpTD8h5v5PPobg2I/3VC3BCHzO+7X6x+3N/ZcbtC82wbdLU:dhdD0noUZA2zQx+3Ptrsd
                                                                                                                                        MD5:5CA4F16765F03C281A0A98F99668F283
                                                                                                                                        SHA1:08D34BE9B942A09439C95ED9A2E033D613014345
                                                                                                                                        SHA-256:D641E6CCEE2B1D1431B15D760FFF343C4729DCF445F8701A5E2453D36149E719
                                                                                                                                        SHA-512:0082BD8193984D03E8DBAC2A48EE026FBD251748E3E5BF24A5D4D2EF6965175664944619F8BA7D5ADA8B6B0FD39C893B13605DF203C3D05BAD696296AD67545F
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Network RPM Ultimate, Author: Brooks Internet Software, Inc., Keywords: Installer, Comments: This installer database contains the logic and data required to install Network RPM Ultimate., Template: Intel;1033, Revision Number: {BA80CBCF-0924-4E9E-98DE-172FF4F64F2A}, Create Time/Date: Thu Dec 12 21:50:16 2024, Last Saved Time/Date: Thu Dec 12 21:50:16 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):42938368
                                                                                                                                        Entropy (8bit):7.999201867831205
                                                                                                                                        Encrypted:true
                                                                                                                                        SSDEEP:786432:dbVpTD8h5v5PPobg2I/3VC3BCHzO+7X6x+3N/ZcbtC82wbdLU:dhdD0noUZA2zQx+3Ptrsd
                                                                                                                                        MD5:5CA4F16765F03C281A0A98F99668F283
                                                                                                                                        SHA1:08D34BE9B942A09439C95ED9A2E033D613014345
                                                                                                                                        SHA-256:D641E6CCEE2B1D1431B15D760FFF343C4729DCF445F8701A5E2453D36149E719
                                                                                                                                        SHA-512:0082BD8193984D03E8DBAC2A48EE026FBD251748E3E5BF24A5D4D2EF6965175664944619F8BA7D5ADA8B6B0FD39C893B13605DF203C3D05BAD696296AD67545F
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):13871
                                                                                                                                        Entropy (8bit):5.749581026429436
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:wx1Io8oZfpk4g6QPGca2PGM54xbHxe/FWGt:01IorR5g6QPBa2PG84xbHcFWGt
                                                                                                                                        MD5:2AAB64CF9A60117D2220BC21153EDD73
                                                                                                                                        SHA1:D9C2043694FE0D3F575EDFD0F26114BD04488DCC
                                                                                                                                        SHA-256:575C94243F75856E8F4CD4D87444C7FB7C42F89D2823FEA1D15AA8E14AC74BF9
                                                                                                                                        SHA-512:00185500D79F0618560F9BBEA4799A7CB5C4EF9C6BD3FB4937363C6CDC2E6E7B0D1C634E8D638CDBD13466FCC7A387673F09F6AD439073739DFC2AB8BB169EBF
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:...@IXOS.@.....@..Y.@.....@.....@.....@.....@.....@......&.{E53ED465-6E91-4142-800E-A06FE3C79FE1}..Network RPM Ultimate..5.msi.@.....@.....@.....@........&.{BA80CBCF-0924-4E9E-98DE-172FF4F64F2A}.....@.....@.....@.....@.......@.....@.....@.......@......Network RPM Ultimate......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@!....@.....@.]....&.{A2986E4F-F9E9-251A-3827-EDA13795E988}M.C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\AbBugReporter.dll.@.......@.....@.....@......&.{032788E3-36A3-34D4-554A-C815C01DB495}J.C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avcodec-55.dll.@.......@.....@.....@......&.{6EE06EC0-601C-988C-0525-4CC5A3689EAC}J.C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avfilter-4.dll.@.......@.....@.....@......&.{308E3780-4F72-918E-E9C2-C63B6D9AB0E3}K.C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\avfo
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):1.160635144276596
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:JSbX72FjpmSAGiLIlHVRpgh/7777777777777777777777777vDHFqD17yJpjl0G:JzmSQI5osZ7yGF
                                                                                                                                        MD5:834E7EA7B453C1D0C9EC790E6721629B
                                                                                                                                        SHA1:5DBEF7628A3AF50B6218EAF9AF8FA1E2DEAF1662
                                                                                                                                        SHA-256:8BAA98F4744DC392925D0ACDC21159BC02F43351ABA13D51B420BDACAC7283DE
                                                                                                                                        SHA-512:D4AD0E4606D0AFE67D17FBA3571352C616356D4CEC88DAC8F1FD7FA5AF26616AE763FF6B8A116A9EC770B01A151B9C4100C56378F5DD14DD7A811549342F2C37
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):1.4959084329675236
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:shX8PhpuRc06WXOknT5lzgpfsGuhS5Mr1sGuhSIKFQHk:shWhp1SnTftU
                                                                                                                                        MD5:91A06847D56325AE022E4B5ACFB64F30
                                                                                                                                        SHA1:17FFBDB808083887EC0B4EB0D89804C1D9619288
                                                                                                                                        SHA-256:AB520AF6F4B7FDE76C7E2A70B386F6B0D023ECCDA7021B7180EC133348193798
                                                                                                                                        SHA-512:16E42D1818C9DD6C78B6822DD316A6EAABDCAE94BDC1372B21ED6BCDFD215575FB1D84BF100E0549D7F9BA07AFC06663FAB4C34D8E5AB309F3607E8EAB82B1EC
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):364484
                                                                                                                                        Entropy (8bit):5.365497588724413
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauJ:zTtbmkExhMJCIpEe
                                                                                                                                        MD5:C558693809B9011223CBB63592213E27
                                                                                                                                        SHA1:B65AAC498DA6D93FB3F518ED7681E623A0534E9D
                                                                                                                                        SHA-256:90BB227862D77C9683AE298E447A72A24F75A9FCD2CCAC318973DB837DE3A9D9
                                                                                                                                        SHA-512:5394BBCE808FE6F2509288ADAD3A8A74E670FE51439DE8C9D84E8B86275DB3768E8EF3A06F62D33B4B6E8A66E4063726DD0EDF95436C62F21DAD75BBECCDA9C0
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):512
                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3::
                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):512
                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3::
                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):32768
                                                                                                                                        Entropy (8bit):0.06736111396164404
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOqDck7eXCVky6lh1:2F0i8n0itFzDHFqD17sj
                                                                                                                                        MD5:2272E1C34446F1CD38AFA884002FCB59
                                                                                                                                        SHA1:408E17168DD4AD720A8CDE6F2A0D673D7CA91D4D
                                                                                                                                        SHA-256:E8B83C7AF5466439C6A03023FF08E697D5479AC820AA49E456283AFE9962BCFB
                                                                                                                                        SHA-512:6CEC976215E50C16CBA50C02A3BCA0095441907CDF8D5E970FA884329257318EE69E342D98A3225D74AC6C84099371EDC8AB25B53899B61C8774066D05FBB462
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):69632
                                                                                                                                        Entropy (8bit):0.11669261649056836
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24:YQHkuaShkpOwVmGuShkbipV0wVmGuShkbipV7VQwGzlrkgQ2+vS:YQHklbLsGuhSLsGuhS5MrQ2gS
                                                                                                                                        MD5:9C95DB8AD2360066A7C1AF04ACF87A1A
                                                                                                                                        SHA1:37915528423DDB29D07542DF69FD6B808EEB5886
                                                                                                                                        SHA-256:E17A708CA13C454A978935BDBE4E0221FDC20BED876DAFA14A9B7DA4EBDC7AA1
                                                                                                                                        SHA-512:47F4B89A03853ECF70CA36670B61ED66EE4FFE386FF9208FC995EA7733DD088C085235C5FCC9A9D5F6DEBBE48624E2DA99987C53ABD2FFD76AF55CF5E689764A
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):32768
                                                                                                                                        Entropy (8bit):1.203476795326501
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:ZwKRuVsrMLFXO7T5WzgpfsGuhS5Mr1sGuhSIKFQHk:ZzRu2TytU
                                                                                                                                        MD5:EE7F8016B0E9D1FBF013115F545142F7
                                                                                                                                        SHA1:942541382C8ECB7B16341B85BE27E2C915066C21
                                                                                                                                        SHA-256:0E69E0A8372B1B706249350FB2497624E58EB7B91790BD5087B13182AB7BCCE0
                                                                                                                                        SHA-512:3AB456FBB869D1A78BA3D9DDDBC1FBC192EA6F79DF96ADB1A8B096D19168B2C87F26972982EA2CCA44051849F5976E5624A036C188F4E3DF4A1087D23B0B3E5F
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):1.4959084329675236
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:shX8PhpuRc06WXOknT5lzgpfsGuhS5Mr1sGuhSIKFQHk:shWhp1SnTftU
                                                                                                                                        MD5:91A06847D56325AE022E4B5ACFB64F30
                                                                                                                                        SHA1:17FFBDB808083887EC0B4EB0D89804C1D9619288
                                                                                                                                        SHA-256:AB520AF6F4B7FDE76C7E2A70B386F6B0D023ECCDA7021B7180EC133348193798
                                                                                                                                        SHA-512:16E42D1818C9DD6C78B6822DD316A6EAABDCAE94BDC1372B21ED6BCDFD215575FB1D84BF100E0549D7F9BA07AFC06663FAB4C34D8E5AB309F3607E8EAB82B1EC
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):32768
                                                                                                                                        Entropy (8bit):1.203476795326501
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:ZwKRuVsrMLFXO7T5WzgpfsGuhS5Mr1sGuhSIKFQHk:ZzRu2TytU
                                                                                                                                        MD5:EE7F8016B0E9D1FBF013115F545142F7
                                                                                                                                        SHA1:942541382C8ECB7B16341B85BE27E2C915066C21
                                                                                                                                        SHA-256:0E69E0A8372B1B706249350FB2497624E58EB7B91790BD5087B13182AB7BCCE0
                                                                                                                                        SHA-512:3AB456FBB869D1A78BA3D9DDDBC1FBC192EA6F79DF96ADB1A8B096D19168B2C87F26972982EA2CCA44051849F5976E5624A036C188F4E3DF4A1087D23B0B3E5F
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):512
                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3::
                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):512
                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3::
                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):32768
                                                                                                                                        Entropy (8bit):1.203476795326501
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:ZwKRuVsrMLFXO7T5WzgpfsGuhS5Mr1sGuhSIKFQHk:ZzRu2TytU
                                                                                                                                        MD5:EE7F8016B0E9D1FBF013115F545142F7
                                                                                                                                        SHA1:942541382C8ECB7B16341B85BE27E2C915066C21
                                                                                                                                        SHA-256:0E69E0A8372B1B706249350FB2497624E58EB7B91790BD5087B13182AB7BCCE0
                                                                                                                                        SHA-512:3AB456FBB869D1A78BA3D9DDDBC1FBC192EA6F79DF96ADB1A8B096D19168B2C87F26972982EA2CCA44051849F5976E5624A036C188F4E3DF4A1087D23B0B3E5F
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):1.4959084329675236
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:shX8PhpuRc06WXOknT5lzgpfsGuhS5Mr1sGuhSIKFQHk:shWhp1SnTftU
                                                                                                                                        MD5:91A06847D56325AE022E4B5ACFB64F30
                                                                                                                                        SHA1:17FFBDB808083887EC0B4EB0D89804C1D9619288
                                                                                                                                        SHA-256:AB520AF6F4B7FDE76C7E2A70B386F6B0D023ECCDA7021B7180EC133348193798
                                                                                                                                        SHA-512:16E42D1818C9DD6C78B6822DD316A6EAABDCAE94BDC1372B21ED6BCDFD215575FB1D84BF100E0549D7F9BA07AFC06663FAB4C34D8E5AB309F3607E8EAB82B1EC
                                                                                                                                        Malicious:false
                                                                                                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Network RPM Ultimate, Author: Brooks Internet Software, Inc., Keywords: Installer, Comments: This installer database contains the logic and data required to install Network RPM Ultimate., Template: Intel;1033, Revision Number: {BA80CBCF-0924-4E9E-98DE-172FF4F64F2A}, Create Time/Date: Thu Dec 12 21:50:16 2024, Last Saved Time/Date: Thu Dec 12 21:50:16 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                        Entropy (8bit):7.999201867831205
                                                                                                                                        TrID:
                                                                                                                                        • Microsoft Windows Installer (60509/1) 88.31%
                                                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 11.69%
                                                                                                                                        File name:5.msi
                                                                                                                                        File size:42'938'368 bytes
                                                                                                                                        MD5:5ca4f16765f03c281a0a98f99668f283
                                                                                                                                        SHA1:08d34be9b942a09439c95ed9a2e033d613014345
                                                                                                                                        SHA256:d641e6ccee2b1d1431b15d760fff343c4729dcf445f8701a5e2453d36149e719
                                                                                                                                        SHA512:0082bd8193984d03e8dbac2a48ee026fbd251748e3e5bf24a5d4d2ef6965175664944619f8ba7d5ada8b6b0fd39c893b13605df203c3d05bad696296ad67545f
                                                                                                                                        SSDEEP:786432:dbVpTD8h5v5PPobg2I/3VC3BCHzO+7X6x+3N/ZcbtC82wbdLU:dhdD0noUZA2zQx+3Ptrsd
                                                                                                                                        TLSH:E497337950D3D65EC2C68035B6FFBF710E2E0C556162D8FA6339BC4AE4F6F1292421A8
                                                                                                                                        Icon Hash:2d2e3797b32b2b99
                                                                                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                        Dec 17, 2024 22:14:11.353137016 CET | 1.1.1.1 | 192.168.2.5 | 0x4c5 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                                                                                                                        Dec 17, 2024 22:14:11.353137016 CET | 1.1.1.1 | 192.168.2.5 | 0x4c5 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false


                                                                                                                                        Target ID:0
                                                                                                                                        Start time:16:14:09
                                                                                                                                        Start date:17/12/2024
                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5.msi"
                                                                                                                                        Imagebase:0x7ff760070000
                                                                                                                                        File size:69'632 bytes
                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high
                                                                                                                                        Has exited:true

                                                                                                                                        Target ID:2
                                                                                                                                        Start time:16:14:12
                                                                                                                                        Start date:17/12/2024
                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                        Imagebase:0x7ff760070000
                                                                                                                                        File size:69'632 bytes
                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high
                                                                                                                                        Has exited:false

Target ID:3
Start time:16:14:21
Start date:17/12/2024
Path:C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe"
Imagebase:0x400000
File size:18'116'600 bytes
MD5 hash:B39FB3CF854F8628C2F38298E0965687
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000003.00000000.2211867648.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000003.00000003.2297260812.0000000008EFD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000003.00000002.3370928782.000000000A530000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000003.00000003.2286381991.0000000008967000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000003.00000003.2272903621.0000000008EFC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Programs\Network RPM Ultimate\CPPlayer.exe, Author: Joe Security
Antivirus matches:
• Detection: 4%, ReversingLabs
Reputation:low
Has exited:false

Execution Graph

Execution Coverage:2.4%
Dynamic/Decrypted Code Coverage:70.5%
Signature Coverage:10.2%
Total number of Nodes:876
Total number of Limit Nodes:33
calls ___convertcp 71439->71501 71444 7314601 __RTC_Initialize 71448 7314605 71444->71448 71456 7314611 GetCommandLineA 71444->71456 71447->71425 71492 73156bc VirtualFree HeapFree HeapFree HeapDestroy 71448->71492 71449 7314691 71502 7317d79 7 API calls __decode_pointer 71449->71502 71453 73146bf 71503 7317c8d 6 API calls __crt_waiting_on_module_handle 71453->71503 71454 731460a 71454->71447 71493 7318be2 76 API calls 3 library calls 71456->71493 71458 73146d1 71463 73146d8 71458->71463 71464 73146ef 71458->71464 71461 7314621 71494 731860d 71 API calls 3 library calls 71461->71494 71504 7317db6 66 API calls 5 library calls 71463->71504 71505 7313d59 66 API calls 6 library calls 71464->71505 71465 731462b 71468 731462f 71465->71468 71496 7318b27 111 API calls 3 library calls 71465->71496 71495 7317d79 7 API calls __decode_pointer 71468->71495 71469 73146df GetCurrentThreadId 71469->71447 71472 731463b 71473 731464f 71472->71473 71497 73188af 110 API calls 6 library calls 71472->71497 71473->71454 71499 7318861 67 API calls ___convertcp 71473->71499 71476 7314644 71476->71473 71498 731581f 74 API calls 5 library calls 71476->71498 71479 73145f0 71478->71479 71479->71438 71479->71447 71481 73146a7 71480->71481 71482 7317d3d 71480->71482 71485 7318573 71481->71485 71507 7317c8d 6 API calls __crt_waiting_on_module_handle 71482->71507 71484 7317d48 TlsSetValue 71484->71481 71487 731857c 71485->71487 71488 73146b3 71487->71488 71489 731859a Sleep 71487->71489 71508 731ba65 71487->71508 71488->71447 71488->71453 71490 73185af 71489->71490 71490->71487 71490->71488 71491->71444 71492->71454 71493->71461 71494->71465 71496->71472 71497->71476 71498->71473 71499->71468 71500->71439 71501->71449 71503->71458 71504->71469 71505->71454 71506->71447 71507->71484 71509 731ba71 __calloc_impl 71508->71509 71510 731ba89 71509->71510 71513 731baa8 _memset 71509->71513 71521 7315c69 66 API calls __getptd_noexit 71510->71521 71512 731ba8e 71522 7317bec 6 API calls 2 library calls 
71512->71522 71515 731bb1a RtlAllocateHeap 71513->71515 71518 731ba9e __calloc_impl 71513->71518 71523 73149a5 66 API calls 2 library calls 71513->71523 71524 73151b7 5 API calls 2 library calls 71513->71524 71525 731bb61 LeaveCriticalSection _doexit 71513->71525 71526 7315cc1 6 API calls __decode_pointer 71513->71526 71515->71513 71518->71487 71521->71512 71523->71513 71524->71513 71525->71513 71526->71513 71527 b075f50 71528 b075f60 71527->71528 71529 b075fe8 71527->71529 71530 b075fa4 71528->71530 71531 b075f6d 71528->71531 71532 b075ff1 71529->71532 71533 b075888 71529->71533 71534 b0759d4 8 API calls 71530->71534 71535 b075f78 71531->71535 71540 b0759d4 8 API calls 71531->71540 71537 b076009 71532->71537 71550 b076118 71532->71550 71536 b076263 71533->71536 71538 b0758ac VirtualQuery 71533->71538 71539 b07598b 71533->71539 71558 b075fbb 71534->71558 71542 b07602c 71537->71542 71546 b0760f0 71537->71546 71569 b076010 71537->71569 71551 b0758e5 71538->71551 71552 b075953 71538->71552 71545 b07593e 71539->71545 71548 b0759d4 8 API calls 71539->71548 71556 b075f85 71540->71556 71541 b07617c 71543 b0759d4 8 API calls 71541->71543 71562 b076195 71541->71562 71555 b07606c Sleep 71542->71555 71542->71569 71565 b07622c 71543->71565 71544 b075fe1 71553 b0759d4 8 API calls 71546->71553 71567 b0759a2 71548->71567 71549 b075f9d 71550->71541 71554 b076154 Sleep 71550->71554 71550->71562 71551->71552 71561 b075912 VirtualAlloc 71551->71561 71577 b0759d4 71552->71577 71570 b0760f9 71553->71570 71554->71541 71559 b07616e Sleep 71554->71559 71560 b076084 Sleep 71555->71560 71555->71569 71556->71549 71563 b075d58 8 API calls 71556->71563 71558->71544 71566 b075d58 8 API calls 71558->71566 71559->71550 71560->71542 71561->71552 71568 b075928 VirtualAlloc 71561->71568 71563->71549 71564 b076111 71565->71562 71571 b075d58 8 API calls 71565->71571 71566->71544 71567->71545 71572 b075d58 8 API calls 71567->71572 71568->71545 71568->71552 71570->71564 71574 b075d58 8 API calls 
71570->71574 71575 b076250 71571->71575 71572->71545 71573 b07595a 71573->71545 71599 b075d58 71573->71599 71574->71564 71578 b075c34 71577->71578 71579 b0759ec 71577->71579 71580 b075bf8 71578->71580 71581 b075d4c 71578->71581 71586 b0759fe 71579->71586 71589 b075a89 Sleep 71579->71589 71588 b075c12 Sleep 71580->71588 71590 b075c52 71580->71590 71582 b075d55 71581->71582 71583 b075780 VirtualAlloc 71581->71583 71582->71573 71585 b0757ab 71583->71585 71584 b075a0d 71584->71573 71585->71573 71586->71584 71587 b075aec 71586->71587 71594 b075acd Sleep 71586->71594 71598 b075af8 71587->71598 71617 b0756b8 71587->71617 71588->71590 71591 b075c28 Sleep 71588->71591 71589->71586 71592 b075a9f Sleep 71589->71592 71593 b075c70 71590->71593 71595 b0756b8 VirtualAlloc 71590->71595 71591->71580 71592->71579 71593->71573 71594->71587 71597 b075ae3 Sleep 71594->71597 71595->71593 71597->71586 71598->71573 71600 b075e50 71599->71600 71601 b075d6d 71599->71601 71602 b0757e4 71600->71602 71603 b075d73 71600->71603 71601->71603 71606 b075dea Sleep 71601->71606 71604 b075f4a 71602->71604 71610 b075825 71602->71610 71611 b07580b VirtualFree 71602->71611 71605 b075d7c 71603->71605 71608 b075e2e Sleep 71603->71608 71612 b075e65 71603->71612 71604->71545 71605->71545 71606->71603 71607 b075e04 Sleep 71606->71607 71607->71601 71609 b075e44 Sleep 71608->71609 71608->71612 71609->71603 71613 b07582e VirtualQuery VirtualFree 71610->71613 71614 b07581c 71610->71614 71611->71614 71615 b075ee4 VirtualFree 71612->71615 71616 b075e88 71612->71616 71613->71610 71613->71614 71614->71545 71615->71545 71616->71545 71618 b07564c 71617->71618 71619 b0756c1 VirtualAlloc 71618->71619 71620 b0756d8 71619->71620 71620->71598 71621 6991005 71623 699101b 71621->71623 71624 6993305 71621->71624 71625 6993310 std::locale::_Init 71624->71625 71630 699318e 71625->71630 71628 699345f 71628->71623 71629 69933f3 71634 699308a 71629->71634 71631 6993199 std::locale::_Init 71630->71631 71632 69931a9 
GetFileAttributesW 71631->71632 71633 69931bd 71632->71633 71633->71629 71635 6993095 std::locale::_Init 71634->71635 71636 69930ff CreateFileW 71635->71636 71637 6993129 SetFilePointerEx 71636->71637 71638 6993125 71636->71638 71637->71638 71639 6993152 GlobalAlloc ReadFile 71637->71639 71638->71628 71639->71638 71640 6993183 CloseHandle 71639->71640 71640->71638

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,0B53EAA3,?,00000000,0B53EAC7), ref: 0B53E771
                                                                                                                                          • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?,00000000,0B53EA92,?,?,00000000,00000000,00000018,F0000000,00000000,0B53EAA3), ref: 0B53E79D
                                                                                                                                          • CryptHashData.ADVAPI32(?,0B46A186,00000000,00000000,00000000,0B53EA72,?,?,00008003,00000000,00000000,?,00000000,0B53EA92,?,?), ref: 0B53E7DD
                                                                                                                                          • CryptDeriveKey.ADVAPI32(?,00006610,?,00000000,0B46A0E6,?,0B46A186,00000000,00000000,00000000,0B53EA72,?,?,00008003,00000000,00000000), ref: 0B53E7FD
                                                                                                                                          • CryptEncrypt.ADVAPI32(0B46A0E6,00000000,000000FF,00000000,00000000,?,00000000,?,?,00006610,?,00000000,0B46A0E6,?,0B46A186,00000000), ref: 0B53E836
                                                                                                                                          • CryptEncrypt.ADVAPI32(0B46A0E6,00000000,000000FF,00000000,?,?,?,?,?,00006610,?,00000000,0B46A0E6,?,0B46A186,00000000), ref: 0B53E87B
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,00006610,?,00000000,0B46A0E6,?,0B46A186,00000000,00000000,00000000), ref: 0B53E8B2
                                                                                                                                          • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?,00000000,0B53EA32,?,?,00000000,00000000,00000001,F0000000,?,?,00006610), ref: 0B53E8DE
                                                                                                                                          • CryptHashData.ADVAPI32(?,?,?,00000000,00000000,0B53EA12,?,?,00008003,00000000,00000000,?,00000000,0B53EA32,?,?), ref: 0B53E90C
                                                                                                                                          • CryptImportKey.ADVAPI32(?,?,00000000,?,?,00008003,00000000,00000000,?,00000000,0B53EA32,?,?,00000000,00000000,00000001), ref: 0B53E934
                                                                                                                                          • CryptSignHashA.ADVAPI32(?,00000001,00000000,00000000,00000000,?,00000000,0B53E9F4,?,?,?,00000000,?,?,00008003,00000000), ref: 0B53E95F
                                                                                                                                          • CryptSignHashA.ADVAPI32(?,00000001,00000000,00000000,?,?,00000000,0B53E9D6,?,?,00000001,00000000,00000000,00000000,?,00000000), ref: 0B53E993
                                                                                                                                          • CryptDestroyKey.ADVAPI32(?,0B53E9FB,00000000,00000000,?,00000000,0B53E9F4,?,?,?,00000000,?,?,00008003,00000000,00000000), ref: 0B53E9EE
                                                                                                                                          • CryptDestroyHash.ADVAPI32(?,0B53EA19,00000000,00000000,0B53EA12,?,?,00008003,00000000,00000000,?,00000000,0B53EA32,?,?,00000000), ref: 0B53EA0C
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,0B53EA3D,00000000,?,00000000,0B53EA32,?,?,00000000,00000000,00000001,F0000000,?,?,00006610), ref: 0B53EA2C
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,0B53EA99,00000000,?,00000000,0B53EA92,?,?,00000000,00000000,00000018,F0000000,00000000,0B53EAA3), ref: 0B53EA8C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Crypt$Hash$Context$AcquireCreateDataDestroyEncryptReleaseSign$DeriveImport
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1568222982-0
                                                                                                                                          • Opcode ID: 3c320364d1659764bf2a316015ea16e7103cdb0df2f961569ead89a6a62c5436
                                                                                                                                          • Instruction ID: 632f6601cd1465f05b7f3f25dac232074ceb9ea8c42d15da305562467e22e721
                                                                                                                                          • Opcode Fuzzy Hash: 3c320364d1659764bf2a316015ea16e7103cdb0df2f961569ead89a6a62c5436
                                                                                                                                          • Instruction Fuzzy Hash: 06B10975A44604AFEB11DBA8DC56FAEB7F8FB49B10F5184A1FA00E7790D675A800CB30

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,0B53EEB3,?,00000000,0B53EED7,?,?,?,00000000), ref: 0B53EB4B
                                                                                                                                          • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?,00000000,0B53EEA2,?,?,00000000,00000000,00000018,F0000000,00000000,0B53EEB3), ref: 0B53EB77
                                                                                                                                          • CryptHashData.ADVAPI32(?,?,00000000,00000000,00000000,0B53EE82,?,?,00008003,00000000,00000000,?,00000000,0B53EEA2,?,?), ref: 0B53EBB7
                                                                                                                                          • CryptDeriveKey.ADVAPI32(?,00006610,?,00000000,?,?,?,00000000,00000000,00000000,0B53EE82,?,?,00008003,00000000,00000000), ref: 0B53EBD7
                                                                                                                                          • CryptDecrypt.ADVAPI32(?,00000000,000000FF,00000000,?,?,?,?,00006610,?,00000000,?,?,?,00000000,00000000), ref: 0B53EC1B
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00000000,0B53EE64,?,?,00006610,?,00000000,?,?,?,00000000), ref: 0B53EC51
                                                                                                                                          • CryptImportKey.ADVAPI32(00000000,?,00000000,?,00000000,00000000,00000000,00000001,F0000000,00000000,0B53EE64,?,?,00006610,?,00000000), ref: 0B53EC93
                                                                                                                                          • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?,?,?,00000000,0B53EE26,?,00000000,?,00000000,?,00000000,00000000), ref: 0B53ED38
                                                                                                                                          • CryptHashData.ADVAPI32(?,?,00000000,?,00000000,00008003,00000000,00000000,?,?,?,00000000,0B53EE26,?,00000000,?), ref: 0B53ED6C
                                                                                                                                          • CryptVerifySignatureW.ADVAPI32(?,?,00000080,?,00000000,00000000,?,?,00000000,?,00000000,00008003,00000000,00000000,?), ref: 0B53ED8A
                                                                                                                                          • CryptDecrypt.ADVAPI32(?,00000000,000000FF,00000000,?,?,?,00000000,00008003,00000000,00000000,?,?,?,00000000,0B53EE26), ref: 0B53EDB6
                                                                                                                                          • CryptDestroyHash.ADVAPI32(?,0B53EDF2,?,00000000,00008003,00000000,00000000,?,?,?,00000000,0B53EE26,?,00000000,?,00000000), ref: 0B53EDE5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Crypt$Hash$AcquireContextCreateDataDecrypt$DeriveDestroyImportSignatureVerify
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3332142056-0
                                                                                                                                          • Opcode ID: f9b23171f9124e62ab4cc616a2e0d8e91d0c1a47e6db7be41b2eade4c589604b
                                                                                                                                          • Instruction ID: 439e8da6409bcf7df3d0caa3fb126e62c8f48c8d44c0cdfb35cfe25dcfea54c3
                                                                                                                                          • Opcode Fuzzy Hash: f9b23171f9124e62ab4cc616a2e0d8e91d0c1a47e6db7be41b2eade4c589604b
                                                                                                                                          • Instruction Fuzzy Hash: 7FC11A75A04605AFEB11DFA8C856FAEBBF8FB4DB10F1184A4F504E7790D635A900DB60

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 291 b53f2d0-b53f2ed 293 b53f2ef-b53f2f2 291->293 294 b53f2fd-b53f321 CryptAcquireContextA 291->294 293->294 295 b53f2f4-b53f2f8 293->295 296 b53f327-b53f357 CryptImportKey 294->296 297 b53f6c4-b53f6cc 294->297 298 b53f6d8-b53f6e1 295->298 300 b53f6a4-b53f6bc CryptReleaseContext 296->300 301 b53f35d-b53f381 CryptAcquireContextA 296->301 297->298 302 b53f387-b53f3ab CryptGenKey 301->302 303 b53f686-b53f69c CryptDestroyKey 301->303 304 b53f3b1-b53f3d6 CryptExportKey 302->304 305 b53f666-b53f67e CryptReleaseContext 302->305 306 b53f648-b53f65e CryptDestroyKey 304->306 307 b53f3dc-b53f410 call b076edc CryptExportKey 304->307 310 b53f416-b53f46c call b077f7c call b076edc 307->310 311 b53f62b-b53f640 call b076ef8 307->311 320 b53f51a-b53f51e 310->320 321 b53f520-b53f524 320->321 322 b53f52c 320->322 323 b53f471-b53f475 321->323 324 b53f52a 321->324 322->323 325 b53f532-b53f536 322->325 326 b53f482 323->326 327 b53f477-b53f47e 323->327 324->325 328 b53f5f1-b53f606 call b076ef8 325->328 329 b53f53c-b53f540 325->329 332 b53f48d-b53f490 326->332 333 b53f484-b53f48b 326->333 331 b53f480 327->331 327->332 329->328 334 b53f546-b53f565 CryptEncrypt 329->334 331->333 336 b53f493-b53f4dc call b299fe4 CryptEncrypt 332->336 333->336 337 b53f567-b53f584 CryptEncrypt 334->337 338 b53f5a4-b53f5c2 call b29bc08 334->338 336->325 346 b53f4de-b53f4e2 336->346 337->338 339 b53f586-b53f59f call b29ad70 * 2 337->339 354 b53f5c4-b53f5c7 338->354 355 b53f5cb 338->355 339->338 349 b53f4e4-b53f4ea 346->349 350 b53f4ed-b53f50a CryptEncrypt 346->350 349->350 350->325 351 b53f50c-b53f515 call b29ad70 350->351 351->320 356 b53f5e1-b53f5ed 354->356 357 b53f5c9 354->357 355->356 358 b53f5cd-b53f5dc call b29aec0 355->358 356->328 357->358 358->356
                                                                                                                                          APIs
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00000000,0B53F6CE), ref: 0B53F31A
                                                                                                                                          • CryptImportKey.ADVAPI32(00000000,?,00000000,?,00000000,00000000,00000000,00000001,F0000000,00000000,0B53F6CE), ref: 0B53F350
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,0B53F69D,?,00000000,?,00000000,?,00000000,00000000,00000000,00000001), ref: 0B53F37A
                                                                                                                                          • CryptGenKey.ADVAPI32(?,00006610,00000001,0B46A3FF,00000000,0B53F67F,?,?,00000000,00000000,00000018,F0000000,00000000,0B53F69D,?,00000000), ref: 0B53F3A4
                                                                                                                                          • CryptExportKey.ADVAPI32(0B46A3FF,00000000,00000008,00000000,00000000,0B46A250,00000000,0B53F65F,?,?,00006610,00000001,0B46A3FF,00000000,0B53F67F), ref: 0B53F3CF
                                                                                                                                          • CryptExportKey.ADVAPI32(0B46A3FF,00000000,00000008,00000000,?,0B46A250,00000000,0B53F641,?,0B46A3FF,00000000,00000008,00000000,00000000,0B46A250,00000000), ref: 0B53F409
                                                                                                                                          • CryptEncrypt.ADVAPI32(?,00000000,000000FF,00000000,00000000,?,00000000,0B46A3FF,00000000,000000FF,00000000,00000000,?,00000000,00000000,0B53F607), ref: 0B53F55E
                                                                                                                                          • CryptEncrypt.ADVAPI32(?,00000000,000000FF,00000000,?,0B46A250,?,?,00000000,000000FF,00000000,00000000,?,00000000,0B46A3FF,00000000), ref: 0B53F57D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Crypt$AcquireContextEncryptExport$Import
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3847805902-0

                                                                                                                                          Control-flow Graph
                                                                                                                                          • Node 567: b46a720-b46a73f, socket
                                                                                                                                          • Node 568: b46a7a7-b46a7ad
                                                                                                                                          • Node 569: b46a741-b46a768, call b0778e8, htons
                                                                                                                                          • Node 572: b46a777-b46a788, bind
                                                                                                                                          • Node 573: b46a76a-b46a774, inet_addr
                                                                                                                                          • Node 574: b46a78a-b46a797, listen
                                                                                                                                          • Node 575: b46a799-b46a7a4, closesocket
                                                                                                                                          • Edges: 567->568, 567->569, 569->572, 569->573, 572->574, 572->575, 573->572, 574->568, 574->575, 575->568
                                                                                                                                          APIs
                                                                                                                                          • socket.WS2_32(00000002,00000001,00000000), ref: 0B46A733
                                                                                                                                          • htons.WS2_32(0B55EFDA), ref: 0B46A75B
                                                                                                                                          • inet_addr.WS2_32(127.0.0.1), ref: 0B46A76F
                                                                                                                                          • bind.WS2_32(00000000,00000002,00000010), ref: 0B46A781
                                                                                                                                          • listen.WS2_32(00000000,00000000), ref: 0B46A790
                                                                                                                                          • closesocket.WS2_32(00000000), ref: 0B46A79D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: bindclosesockethtonsinet_addrlistensocket
                                                                                                                                          • String ID: 127.0.0.1
                                                                                                                                          • API String ID: 362504746-3619153832

                                                                                                                                          APIs
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,0B53E713), ref: 0B53E634
                                                                                                                                          • CryptGenKey.ADVAPI32(?,00000001,04000001,0B55EFDA,?,00000000,00000000,00000001,F0000000,00000000,0B53E713), ref: 0B53E650
                                                                                                                                          • CryptExportKey.ADVAPI32(0B55EFDA,00000000,00000007,00000000,00000000,00000000,?,00000001,04000001,0B55EFDA,?,00000000,00000000,00000001,F0000000,00000000), ref: 0B53E66D
                                                                                                                                          • CryptExportKey.ADVAPI32(0B55EFDA,00000000,00000007,00000000,?,00000000), ref: 0B53E69E
                                                                                                                                          • CryptExportKey.ADVAPI32(0B55EFDA,00000000,00000006,00000000,00000000,00000000,0B55EFDA,00000000,00000007,00000000,?,00000000), ref: 0B53E6B7
                                                                                                                                          • CryptExportKey.ADVAPI32(0B55EFDA,00000000,00000006,00000000,?,00000000), ref: 0B53E6E8
                                                                                                                                          • CryptDestroyKey.ADVAPI32(0B55EFDA,0B55EFDA,00000000,00000007,00000000,00000000,00000000,?,00000001,04000001,0B55EFDA,?,00000000,00000000,00000001,F0000000), ref: 0B53E6F9
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,?,00000001,04000001,0B55EFDA,?,00000000,00000000,00000001,F0000000,00000000,0B53E713), ref: 0B53E704
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Crypt$Export$Context$AcquireDestroyRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3750629692-0

                                                                                                                                          APIs
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,0B54019F,?,00000000,0B5401D5), ref: 0B540072
                                                                                                                                          • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?,00000000,0B54018E,?,?,00000000,00000000,00000001,F0000000,00000000,0B54019F), ref: 0B54009E
                                                                                                                                          • CryptHashData.ADVAPI32(?,?,00000000,00000000,00000000,0B54016E,?,?,00008003,00000000,00000000,?,00000000,0B54018E,?,?), ref: 0B5400DE
                                                                                                                                          • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0B55EFDA,00000000,?,?,00000000,00000000,00000000,0B54016E,?,?,00008003,00000000,00000000), ref: 0B5400F5
                                                                                                                                          • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0B55EFDA,00000000), ref: 0B540128
                                                                                                                                          • CryptDestroyHash.ADVAPI32(?,0B540175,00000000,00000000,0B54016E,?,?,00008003,00000000,00000000,?,00000000,0B54018E,?,?,00000000), ref: 0B540168
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,0B540195,00000000,?,00000000,0B54018E,?,?,00000000,00000000,00000001,F0000000,00000000,0B54019F), ref: 0B540188
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3606780921-0
                                                                                                                                          APIs
                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,?,?,00000000,0B53C9C7,00000000,0B53CB21,?,00000000,0B53CB81), ref: 0B0936A7
                                                                                                                                          • GetLastError.KERNEL32(00000000,?,?,?,00000000,0B53C9C7,00000000,0B53CB21,?,00000000,0B53CB81), ref: 0B0936CC
                                                                                                                                            • Part of subcall function 0B0935F4: FileTimeToLocalFileTime.KERNEL32(?), ref: 0B093629
                                                                                                                                            • Part of subcall function 0B0935F4: FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 0B093648
                                                                                                                                            • Part of subcall function 0B093700: FindClose.KERNEL32(?,?,0B0936CA,00000000,?,?,?,00000000,0B53C9C7,00000000,0B53CB21,?,00000000,0B53CB81), ref: 0B09370C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileTime$Find$CloseDateErrorFirstLastLocal
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 976985129-0
                                                                                                                                          APIs
                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,0B545C85,?,?,?,?,?,0B549426,00000000,0B5494E8,?,?,0B55EED5,?,00000000), ref: 0B545C1E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InformationTimeZone
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 565725191-0

                                                                                                                                          APIs
                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000105), ref: 0B07DEFD
                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?), ref: 0B07DF46
                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?), ref: 0B07DF68
                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?), ref: 0B07DF86
                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0B07DFA4
                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0B07DFC2
                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0B07DFE0
                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0B07E0CC,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?), ref: 0B07E020
                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0B07E0CC,?,80000001), ref: 0B07E04B
                                                                                                                                          • RegCloseKey.ADVAPI32(?,0B07E0D3,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0B07E0CC,?,80000001,Software\Embarcadero\Locales), ref: 0B07E0C6
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                                          • API String ID: 2701450724-3496071916
                                                                                                                                          • Opcode ID: 02c5601df14b46c5182d3d890a8ea94bb1700d61f50aa0eefceded1460b6de4a
                                                                                                                                          • Instruction ID: 78eee311bd6e94cc05866b7a7407291cf1f96cc91d91b456f6499d42cd33bddc
                                                                                                                                          • Opcode Fuzzy Hash: 02c5601df14b46c5182d3d890a8ea94bb1700d61f50aa0eefceded1460b6de4a
                                                                                                                                          • Instruction Fuzzy Hash: 75510575FC120CBEEB18FA94CC42FEEF3ACDB08704F5444B5B614EA591D670DA418AA9

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • LoadIconW.USER32(00000000,00007F00), ref: 0B54FCDE
                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0B54FCED
                                                                                                                                          • GetStockObject.GDI32(00000000), ref: 0B54FCF7
                                                                                                                                          • RegisterClassW.USER32(00000003), ref: 0B54FD1D
                                                                                                                                          • GetMessageW.USER32(?,000D007A,00000000,00000000), ref: 0B54FE42
                                                                                                                                            • Part of subcall function 0B077338: QueryPerformanceCounter.KERNEL32 ref: 0B07733C
                                                                                                                                            • Part of subcall function 0B077338: GetTickCount.KERNEL32 ref: 0B077350
                                                                                                                                          • Sleep.KERNEL32(00000005), ref: 0B54FD44
                                                                                                                                          • Sleep.KERNEL32(00000005,00000005), ref: 0B54FD5D
                                                                                                                                          • Sleep.KERNEL32(00000005,00000005,00000005), ref: 0B54FD76
                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,00000032,00000032,00000000,00000000,00CF0000,00000005,00000005,00000005), ref: 0B54FDC7
                                                                                                                                          • ShowWindow.USER32(000D007A,00000000,00000000,00000000,00000000,00000000,00000000,00000032,00000032,00000000,00000000,00CF0000,00000005,00000005,00000005), ref: 0B54FE07
                                                                                                                                          • UpdateWindow.USER32(000D007A), ref: 0B54FE12
                                                                                                                                          • TranslateMessage.USER32(?), ref: 0B54FE26
                                                                                                                                          • DispatchMessageW.USER32(?), ref: 0B54FE2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSleep$LoadWindow$ClassCountCounterCursorDispatchHandleIconModuleObjectPerformanceQueryRegisterShowStockTickTranslateUpdate
                                                                                                                                          • String ID: 2$2$\=5
                                                                                                                                          • API String ID: 781974586-2454586703
                                                                                                                                          • Opcode ID: 75afd8f5a3bed6d81da0c7d16fb9acffd35f6dc95f73398b65a45b5715e5c4bb
                                                                                                                                          • Instruction ID: 196d740a766bb166efa5849891cb060501da3022690667546cb148ef9671c8db
                                                                                                                                          • Opcode Fuzzy Hash: 75afd8f5a3bed6d81da0c7d16fb9acffd35f6dc95f73398b65a45b5715e5c4bb
                                                                                                                                          • Instruction Fuzzy Hash: AE411D70E44209AFEB44FBF8D846BDEBBF4BF08701F1044A5E554EB290DB759A048BA5

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?), ref: 06DB3612
                                                                                                                                          • GetProcessAffinityMask.KERNEL32(00000000), ref: 06DB3619
                                                                                                                                          • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 06DB3658
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InterlockedCompareExchange), ref: 06DB366B
                                                                                                                                          • FreeLibrary.KERNEL32(75900000), ref: 06DB368C
                                                                                                                                          • LoadLibraryA.KERNEL32(QUSEREX.DLL), ref: 06DB36A7
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,QueueUserAPCEx), ref: 06DB36B8
                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 06DB36DB
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,QueueUserAPCEx_Init), ref: 06DB36F5
                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 06DB3712
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Library$AddressFreeProc$LoadProcess$AffinityCurrentMask
                                                                                                                                          • String ID: InterlockedCompareExchange$KERNEL32.DLL$QUSEREX.DLL$QueueUserAPCEx$QueueUserAPCEx_Init
                                                                                                                                          • API String ID: 3261526113-851271219
                                                                                                                                          • Opcode ID: 3471ed976725ec8e64ba1f8722958d2944ed60d6404fba95a3f50df7e49eb312
                                                                                                                                          • Instruction ID: c66570cff118484d28e3c338a95d18e73a4f94bed85634629f1496fa07e0e68e
                                                                                                                                          • Opcode Fuzzy Hash: 3471ed976725ec8e64ba1f8722958d2944ed60d6404fba95a3f50df7e49eb312
                                                                                                                                          • Instruction Fuzzy Hash: F0315071A06349DBC790DF6BBC809A677AEF7446D1751242AEA06C330CDB31D509EB91

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • closesocket.WS2_32(00000000), ref: 0B55EDB3
                                                                                                                                          • Sleep.KERNEL32(00000BB8,00000000,?,00000000,0B55EFDA), ref: 0B55EDBD
                                                                                                                                          • closesocket.WS2_32(00000000), ref: 0B55EDD3
                                                                                                                                          • ExitProcess.KERNEL32(?,00000000,?,00000000,0B55EFDA), ref: 0B55EDDC
                                                                                                                                          • Sleep.KERNEL32(000003E8,00000000,0B55EF7B,?,00000000,0B55EFDA), ref: 0B55EDE8
                                                                                                                                            • Part of subcall function 0B079DD8: CreateThread.KERNEL32(?,?,Function_00009DA0,00000000,?,?), ref: 0B079E32
                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,0B5462AC,00000000,00000000,?), ref: 0B55EE36
                                                                                                                                          • ExitProcess.KERNEL32(00000000,,start",092DDBDC,0B55F024,rundll32.exe",?,0B55EFF4,?,00000000,00000000,000003E8,00000000,0B55EF7B,?,00000000,0B55EFDA), ref: 0B55EE75
                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,000003E8,00000000,0B55EF7B,?,00000000,0B55EFDA), ref: 0B55EE94
                                                                                                                                            • Part of subcall function 0B475698: WSAIoctl.WS2_32(00000000,98000004,00000001,0000000C,00000000,00000000,?,00000000,00000000), ref: 0B47571B
                                                                                                                                            • Part of subcall function 0B475698: setsockopt.WS2_32(00000000,0000FFFF,00001006,0036EE80,00000004), ref: 0B47573E
                                                                                                                                            • Part of subcall function 0B475698: closesocket.WS2_32(00000000), ref: 0B475794
                                                                                                                                          • ResumeThread.KERNEL32(?,?,00000004,00000000,?,00000000,00000000,000003E8,00000000,0B55EF7B,?,00000000,0B55EFDA), ref: 0B55EF22
                                                                                                                                          • ResumeThread.KERNEL32(?,?,00000004,00000000,?,?,00000004,00000000,?,00000000,00000000,000003E8,00000000,0B55EF7B,?,00000000), ref: 0B55EF4F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Thread$Processclosesocket$CreateExitResumeSleep$CurrentIoctlsetsockopt
                                                                                                                                          • String ID: *.upd$,start"$rundll32.exe"
                                                                                                                                          • API String ID: 2798972191-2267217653
                                                                                                                                          • Opcode ID: 36c57aa4107d85ad6e9e196d3e48cb99e776e7f98d75148ff3585ea1f2d72596
                                                                                                                                          • Instruction ID: af61a8301bf6c62810eef4eeebadb5e33b4f1b1dd7de3ce95248e747e1c3560e
                                                                                                                                          • Opcode Fuzzy Hash: 36c57aa4107d85ad6e9e196d3e48cb99e776e7f98d75148ff3585ea1f2d72596
                                                                                                                                          • Instruction Fuzzy Hash: A2B15170A042159FEB04EFA4C896B9EB7F5FB48701F5084E6E908EB254DB34EA49CF54

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • GetVolumeInformationW.KERNEL32(00000000,?,00000104,?,?,?,?,00000104,?,00000000,0B541225,?,00000001,00000001,00000001,00000001), ref: 0B5411EE
                                                                                                                                          Strings
                                                                                                                                          • SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate, xrefs: 0B541236
                                                                                                                                          • HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier, xrefs: 0B541034
                                                                                                                                          • INTEL, xrefs: 0B541090
                                                                                                                                          • SOFTWARE\Microsoft\Cryptography\MachineGuid, xrefs: 0B541004
                                                                                                                                          • SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildGUID, xrefs: 0B541136
                                                                                                                                          • SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx, xrefs: 0B541106
                                                                                                                                          • AMD , xrefs: 0B5410C3
                                                                                                                                          • HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString, xrefs: 0B541064
                                                                                                                                          • SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId, xrefs: 0B541166
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InformationVolume
                                                                                                                                          • String ID: AMD $HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier$HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString$INTEL$SOFTWARE\Microsoft\Cryptography\MachineGuid$SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildGUID$SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx$SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate$SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
                                                                                                                                          • API String ID: 2039140958-1519853149

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • socket.WS2_32(00000002,00000001,00000000), ref: 0B46B972
                                                                                                                                          • htons.WS2_32(?), ref: 0B46B9A7
                                                                                                                                          • inet_addr.WS2_32(00000000), ref: 0B46B9CA
                                                                                                                                          • connect.WS2_32(00000000,00000002,00000010), ref: 0B46B9E4
                                                                                                                                          • WSAGetLastError.WS2_32(00000000,?,00000002,00000001,00000000,00000000,0B46BB10,?,00000000,0B46BB33,?,?,?,?,?,0B4756DE), ref: 0B46B9F1
                                                                                                                                          • closesocket.WS2_32(00000000), ref: 0B46BA01
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLastclosesocketconnecthtonsinet_addrsocket
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3670979538-0

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(000E5600,631C7A3A,?,?,?,?,?,?,?,?,0699345F,?,0002EC40,000E5600), ref: 069930A0
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(000E5600,0BFCA690,?,?,?,?,?,?,?,?,0699345F,?,0002EC40,000E5600), ref: 069930B2
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(000E5600,D8086ACD,?,?,?,?,?,?,?,?,0699345F,?,0002EC40,000E5600), ref: 069930C4
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(000E5600,21297648,?,?,?,?,?,?,?,?,0699345F,?,0002EC40,000E5600), ref: 069930D6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(000E5600,0069BB65,?,?,?,?,?,?,?,?,0699345F,?,0002EC40,000E5600), ref: 069930E8
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(000E5600,279AD17A,?,?,?,?,?,?,?,?,0699345F,?,0002EC40,000E5600), ref: 069930FA
                                                                                                                                          • CreateFileW.KERNEL32(0002EC40,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,?,0699345F), ref: 06993119
                                                                                                                                          • SetFilePointerEx.KERNEL32(000000FF,?,?,00000000,00000000,?,?,?,?,?,?,?,?,0699345F,?), ref: 06993141
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@$File$CreatePointer
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1172716262-0

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • Sleep.KERNEL32(00000000,?), ref: 0B075DEE
                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?), ref: 0B075E08
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Sleep
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3472027048-0

                                                                                                                                          Control-flow Graph

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          APIs
                                                                                                                                          • ?getAlbum@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB ref: 06991065
                                                                                                                                          • ?getCur@ID3_MemoryWriter@@UAEIXZ.ID3LIB(?), ref: 06991079
                                                                                                                                            • Part of subcall function 06992189: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F1C25B45,?,?,0699108F), ref: 0699219D
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getVirtual$ProtectReader@io@dami@@$Album@v2@id3@dami@@AllocCharCur@D@2@@std@@D@std@@End@Impl@@@MemoryReader@@U?$char_traits@V?$allocator@V?$basic_string@WindowedWriter@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1817250905-0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          APIs
                                                                                                                                          • ?getAlbum@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB ref: 06991065
                                                                                                                                          • ?getCur@ID3_MemoryWriter@@UAEIXZ.ID3LIB(?), ref: 06991079
                                                                                                                                            • Part of subcall function 06992189: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F1C25B45,?,?,0699108F), ref: 0699219D
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getVirtual$ProtectReader@io@dami@@$Album@v2@id3@dami@@AllocCharCur@D@2@@std@@D@std@@End@Impl@@@MemoryReader@@U?$char_traits@V?$allocator@V?$basic_string@WindowedWriter@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1817250905-0
                                                                                                                                          APIs
                                                                                                                                          • ?getAlbum@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB ref: 06991065
                                                                                                                                          • ?getCur@ID3_MemoryWriter@@UAEIXZ.ID3LIB(?), ref: 06991079
                                                                                                                                            • Part of subcall function 06992189: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F1C25B45,?,?,0699108F), ref: 0699219D
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getVirtual$ProtectReader@io@dami@@$Album@v2@id3@dami@@AllocCharCur@D@2@@std@@D@std@@End@Impl@@@MemoryReader@@U?$char_traits@V?$allocator@V?$basic_string@WindowedWriter@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1817250905-0
                                                                                                                                          APIs
                                                                                                                                          • ?getAlbum@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB ref: 06991065
                                                                                                                                          • ?getCur@ID3_MemoryWriter@@UAEIXZ.ID3LIB(?), ref: 06991079
                                                                                                                                            • Part of subcall function 06992189: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F1C25B45,?,?,0699108F), ref: 0699219D
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getVirtual$ProtectReader@io@dami@@$Album@v2@id3@dami@@AllocCharCur@D@2@@std@@D@std@@End@Impl@@@MemoryReader@@U?$char_traits@V?$allocator@V?$basic_string@WindowedWriter@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1817250905-0
                                                                                                                                          APIs
                                                                                                                                          • Sleep.KERNEL32(00000000,?,0B076274), ref: 0B075A8B
                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,0B076274), ref: 0B075AA1
                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,0B076274), ref: 0B075ACF
                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,?,?,0B076274), ref: 0B075AE5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Sleep
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                          APIs
                                                                                                                                          • ?getAlbum@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB ref: 06991065
                                                                                                                                          • ?getCur@ID3_MemoryWriter@@UAEIXZ.ID3LIB(?), ref: 06991079
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Virtual$?getProtect$Album@v2@id3@dami@@AllocCur@D@2@@std@@D@std@@Impl@@@MemoryU?$char_traits@V?$allocator@V?$basic_string@Writer@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 196110529-0
                                                                                                                                          APIs
                                                                                                                                          • ?getAlbum@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB ref: 06991065
                                                                                                                                          • ?getCur@ID3_MemoryWriter@@UAEIXZ.ID3LIB(?), ref: 06991079
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Virtual$?getProtect$Album@v2@id3@dami@@AllocCur@D@2@@std@@D@std@@Impl@@@MemoryU?$char_traits@V?$allocator@V?$basic_string@Writer@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 196110529-0
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 06992189: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F1C25B45,?,?,0699108F), ref: 0699219D
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getAllocCharEnd@Reader@io@dami@@Virtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3716546612-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Virtual$Protect$AllocReader@@Reader@io@dami@@Windowed
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 790233916-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Virtual$Protect$AllocReader@@Reader@io@dami@@Windowed
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 790233916-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Virtual$Protect$AllocReader@@Reader@io@dami@@Windowed
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 790233916-0
                                                                                                                                          • Opcode ID: 905fc0d51a2db4c7853941b3ef3216a77ce819fa23339a720c3eae288e757224
                                                                                                                                          • Instruction ID: c790b9b4a3e916d9e51b8ba69da9515bcda5c06a4fdadacbdd4b7a7238891762
                                                                                                                                          • Opcode Fuzzy Hash: 905fc0d51a2db4c7853941b3ef3216a77ce819fa23339a720c3eae288e757224
                                                                                                                                          • Instruction Fuzzy Hash: 5331BD71C00209EFCF45DF98C885AEDFBB5BF48311F10805AE515B6661D731AA92CF10
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,D8086ACD), ref: 0699331B
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,0069BB65), ref: 0699332D
                                                                                                                                            • Part of subcall function 0699318E: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6232EAB0,?,?,069933F3,?), ref: 069931A4
                                                                                                                                            • Part of subcall function 0699318E: GetFileAttributesW.KERNEL32(069933F3,?,?,069933F3,?), ref: 069931B1
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@$AttributesFile
                                                                                                                                          • String ID: #
                                                                                                                                          • API String ID: 705579616-1885708031
                                                                                                                                          • Opcode ID: fc71412d759d29d96533701bef4620f2b3f1c8b88e74cbefb37ceff561e90078
                                                                                                                                          • Instruction ID: 06edb4dc6d141f7feca0718bf96831c84e4815510174ec9c7ce01b68f5fbf964
                                                                                                                                          • Opcode Fuzzy Hash: fc71412d759d29d96533701bef4620f2b3f1c8b88e74cbefb37ceff561e90078
                                                                                                                                          • Instruction Fuzzy Hash: 4B419F36D54348ADEF90CFE8EC12BFDBBB1AF48710F20001AE514EA2A0E7750A85DB55
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual$Reader@@Reader@io@dami@@Windowed
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1014679849-0
                                                                                                                                          • Opcode ID: d02821894f61a8c2eed3b3b2771aec38594e12aad90e7a84d87784edf5bb320e
                                                                                                                                          • Instruction ID: 341c1025c26343bdba6f7a42a3db1763e9669ec0c1649537b3b0eb2a7d954b52
                                                                                                                                          • Opcode Fuzzy Hash: d02821894f61a8c2eed3b3b2771aec38594e12aad90e7a84d87784edf5bb320e
                                                                                                                                          • Instruction Fuzzy Hash: FE212D31C00109EFCF45DFE8C8819ECFBB6BF48210F04806AE825BA6A1D7319A92CF10
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 0B3072E4: GetFileAttributesW.KERNEL32(0B308DDB,00000000,0B307343), ref: 0B307324
                                                                                                                                          • GetLastError.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 0B308E16
                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 0B308E47
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$AttributesFile
                                                                                                                                          • String ID: {
                                                                                                                                          • API String ID: 2642427456-366298937
                                                                                                                                          • Opcode ID: 2c2f17b77d90564161ca82e227a29ef3acb23dbd9d1ce615eda42189d0006b23
                                                                                                                                          • Instruction ID: 38c589ff6a7a6f94a1ab6b74689599a96acefc08da5b7e742ed2bb31c4fdef3f
                                                                                                                                          • Opcode Fuzzy Hash: 2c2f17b77d90564161ca82e227a29ef3acb23dbd9d1ce615eda42189d0006b23
                                                                                                                                          • Instruction Fuzzy Hash: 20119030D1438DEEDF11EBF8891ABEEBBB46F11744F2445A49860761D0CBB11B50CB56
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          • Opcode ID: 62f2765acc1924f1ec62a915a031d4b4cbc4e0baeb2381e6ece87b57164e094f
                                                                                                                                          • Instruction ID: 05f6ac7c3a4c84212cbc95479b3cfcb80e7f8bbc68f513134649747692585cf4
                                                                                                                                          • Opcode Fuzzy Hash: 62f2765acc1924f1ec62a915a031d4b4cbc4e0baeb2381e6ece87b57164e094f
                                                                                                                                          • Instruction Fuzzy Hash: 5221FE71C00209EFCF45DFD8C8819EDFBB5BF49211F10805AE825BA661D732AA92CF20
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c6c016d4f7a808c4e8aa891d1818cf3f9c9546cd3109788f109dd7c734403b77
                                                                                                                                          • Instruction ID: 048e7a9645d4ce0de8c6398885407ed1a8af35360546251f59e9443065d31e70
                                                                                                                                          • Opcode Fuzzy Hash: c6c016d4f7a808c4e8aa891d1818cf3f9c9546cd3109788f109dd7c734403b77
                                                                                                                                          • Instruction Fuzzy Hash: AC21CC71C00209EFCF54DFD8C8858EDFBB5BF49215F10805AE825BA661D735AA92CF20
                                                                                                                                          APIs
                                                                                                                                          • RegEnumValueW.ADVAPI32(?,?,?,?,?,?,?,?,00000000,0B3067A7), ref: 0B306788
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: EnumValue
                                                                                                                                          • String ID: RegEnumValueW
                                                                                                                                          • API String ID: 2814608202-4254430394
                                                                                                                                          • Opcode ID: 653ab25df285f1b10a6dfe2e72a73a1d9d2557da30805c3c8ac56d98d5c125a2
                                                                                                                                          • Instruction ID: c6b4c93db6820733ab8ffaadebd05bfde44cc358035d542e454e9ee1b62c4086
                                                                                                                                          • Opcode Fuzzy Hash: 653ab25df285f1b10a6dfe2e72a73a1d9d2557da30805c3c8ac56d98d5c125a2
                                                                                                                                          • Instruction Fuzzy Hash: 3A011E79614148AF8B40DFA8DC92D9E7BEDEB4C650B614461F908D3284DA34E911CB60
                                                                                                                                          APIs
                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,00000000,0B3066FF), ref: 0B3066E0
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Enum
                                                                                                                                          • String ID: RegEnumKeyExW
                                                                                                                                          • API String ID: 2928410991-194899230
                                                                                                                                          APIs
                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,0B30A74C,00000000,0B30B04E,0B30B01E,00020019,00000000,0B306533), ref: 0B306514
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: QueryValue
                                                                                                                                          • String ID: RegQueryValueExW
                                                                                                                                          • API String ID: 3660427363-1156389039
                                                                                                                                          APIs
                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,?,?,?,00000000,0B3062BF), ref: 0B3062A0
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Open
                                                                                                                                          • String ID: RegOpenKeyExW
                                                                                                                                          • API String ID: 71445658-904843138
                                                                                                                                          APIs
                                                                                                                                          • GetFileAttributesW.KERNEL32(0B308DDB,00000000,0B307343), ref: 0B307324
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AttributesFile
                                                                                                                                          • String ID: GetFileAttributesW
                                                                                                                                          • API String ID: 3188754299-3300174157
                                                                                                                                          APIs
                                                                                                                                          • GetNativeSystemInfo.KERNEL32(?,00000000,0B306EA2,?,00000000,?,0B3093CF,?,00000000,0B3093F0), ref: 0B306E86
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoNativeSystem
                                                                                                                                          • String ID: GetNativeSystemInfo
                                                                                                                                          • API String ID: 1721193555-3949249589
                                                                                                                                          APIs
                                                                                                                                          • send.WS2_32(?,?,0000001C,00000000), ref: 0B46A29F
                                                                                                                                          • send.WS2_32(?,?,00000004,00000000), ref: 0B46A3BB
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: send
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2809346765-0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual$Reader@@Reader@io@dami@@Windowed
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1014679849-0
                                                                                                                                          APIs
                                                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000,06DC363E,00000001), ref: 06DC3969
                                                                                                                                            • Part of subcall function 06DC3810: GetVersionExA.KERNEL32 ref: 06DC382F
                                                                                                                                          • HeapDestroy.KERNEL32 ref: 06DC39A8
                                                                                                                                            • Part of subcall function 06DC3A5D: HeapAlloc.KERNEL32(00000000,00000140,06DC3991,000003F8), ref: 06DC3A6A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2507506473-0
                                                                                                                                          • Opcode ID: 9c9df6061a4b49df909c69e7f8ad27bf8d04db10c985c155b932bee17247c091
                                                                                                                                          • Instruction ID: e1d263b7e72007b75b453eb376b0945192c5f8a06a0219e3ff3e6431725dd882
                                                                                                                                          • Opcode Fuzzy Hash: 9c9df6061a4b49df909c69e7f8ad27bf8d04db10c985c155b932bee17247c091
                                                                                                                                          • Instruction Fuzzy Hash: 95F02B70E5530F5AEFF05B305C45B2977E1DB007B5F21842DF608CA180EF64C580E562
                                                                                                                                          APIs
                                                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000,06DDC1BB,00000001), ref: 06DDC4E6
                                                                                                                                            • Part of subcall function 06DDC38D: GetVersionExA.KERNEL32 ref: 06DDC3AC
                                                                                                                                          • HeapDestroy.KERNEL32 ref: 06DDC525
                                                                                                                                            • Part of subcall function 06DDC5DA: HeapAlloc.KERNEL32(00000000,00000140,06DDC50E,000003F8), ref: 06DDC5E7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2507506473-0
                                                                                                                                          • Opcode ID: 6f6a52746d547b0b3e092b20683f7b9c11535f6183f5e74506b17fbbba5bbf9e
                                                                                                                                          • Instruction ID: 915144f004704ac793d43659f77981b5436b7d62ffc4b6c27f6afea3e8e88816
                                                                                                                                          • Opcode Fuzzy Hash: 6f6a52746d547b0b3e092b20683f7b9c11535f6183f5e74506b17fbbba5bbf9e
                                                                                                                                          • Instruction Fuzzy Hash: 1EF0EDB0E75301AAEFE07BB0AD49B3976DEEB44792F100465FA15CD2D0EBE08281D631
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 06992189: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F1C25B45,?,?,0699108F), ref: 0699219D
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0699109E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getAllocCharEnd@Reader@io@dami@@Virtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3716546612-0
                                                                                                                                          • Opcode ID: 2cfa0ec34b38b4c23b9e16996bf9a5ce61697c48651dfae57dce1018121c66c6
                                                                                                                                          • Instruction ID: ae9a02f0d5222e0027fb0d15360c895eee301494f814007d16b1ac7c9695b0fc
                                                                                                                                          • Opcode Fuzzy Hash: 2cfa0ec34b38b4c23b9e16996bf9a5ce61697c48651dfae57dce1018121c66c6
                                                                                                                                          • Instruction Fuzzy Hash: AEF0B775D01209BFDF85EFE4DC45B9CBF71BF44700F200055E614766A0D7726A609B24
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6232EAB0,?,?,069933F3,?), ref: 069931A4
                                                                                                                                          • GetFileAttributesW.KERNEL32(069933F3,?,?,069933F3,?), ref: 069931B1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getAttributesCharEnd@FileReader@io@dami@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1870771807-0
                                                                                                                                          • Opcode ID: 6b58c5a8bc688003a8af2d29a51322e59d63d8274404289cc9c4a1fc9fbb48ae
                                                                                                                                          • Instruction ID: 357ecb80d2955c7590e7ce3fbb16bb74757cf182d0329528ed7ab3c9abff8469
                                                                                                                                          • Opcode Fuzzy Hash: 6b58c5a8bc688003a8af2d29a51322e59d63d8274404289cc9c4a1fc9fbb48ae
                                                                                                                                          • Instruction Fuzzy Hash: 8BF01570C14208EFEF50EFA8D8456ACBBB5FB01329F208999E430A65A0D7755B51CB64
                                                                                                                                          APIs
                                                                                                                                          • WSAEventSelect.WS2_32(?,00000000,00000000), ref: 0B46B7B5
                                                                                                                                          • ioctlsocket.WS2_32(?,8004667E,?), ref: 0B46B7CC
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: EventSelectioctlsocket
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2974038276-0
                                                                                                                                          • Opcode ID: f59a4da12e1edb9ae51933f3651f0a03d0d4b977586f95720daed2cede666d42
                                                                                                                                          • Instruction ID: 5c393a731c3e4bc719127ad8ba9d618c66d59a7bc06ae37ec9eae8221a141033
                                                                                                                                          • Opcode Fuzzy Hash: f59a4da12e1edb9ae51933f3651f0a03d0d4b977586f95720daed2cede666d42
                                                                                                                                          • Instruction Fuzzy Hash: B0E0EC72D14208BEDB14DAE89D56F9EB7BC9F04210F2001A6A614E71C0E971AB109758
                                                                                                                                          APIs
                                                                                                                                          • IsTextUnicode.ADVAPI32(?,?,00000000), ref: 0B30A0B4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: TextUnicode
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1982823515-0
                                                                                                                                          • Opcode ID: 8cf598a38136269581f5a039725bd7a89c1f4043ede626bcb10fc2d881c1ff64
                                                                                                                                          • Instruction ID: 95d64cc8712d5b061991439f40b197f05f9ad6824123e6eee195c3befff5005a
                                                                                                                                          • Opcode Fuzzy Hash: 8cf598a38136269581f5a039725bd7a89c1f4043ede626bcb10fc2d881c1ff64
                                                                                                                                          • Instruction Fuzzy Hash: 02411B75E40248AFDB05EFA8D9529DEFBF8EB49310F608065E504F3690DA35AD418BA4
                                                                                                                                          APIs
                                                                                                                                          • send.WS2_32(?,?,?,00000000), ref: 0B46C284
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: send
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2809346765-0
                                                                                                                                          • Opcode ID: ea4f036b638bd7f0fa8e23eab2d8e84fb0f9b17c4a63f64ff99f092337445feb
                                                                                                                                          • Instruction ID: 0e9e2a8897c46c5882d5a5e266618fe39164d78639d6c3d4142ad53b702fb3bb
                                                                                                                                          • Opcode Fuzzy Hash: ea4f036b638bd7f0fa8e23eab2d8e84fb0f9b17c4a63f64ff99f092337445feb
                                                                                                                                          • Instruction Fuzzy Hash: 1741E370E04209DFDB00CFE9C484BAEBBF5FB49714F1081A6D854A7251D738AA85CB66
                                                                                                                                          APIs
                                                                                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,?,00000000,?,06DD32E9,?,?,?), ref: 06DDEA81
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                          • Opcode ID: b816cce6a458e89fcf53fee749d8c32ce1994f3315a793b637e173ebe03c2885
                                                                                                                                          • Instruction ID: 6ee4e61fe31f81f71472c7efdc615e37145e35cabe045a59e7eb36dbf2cd34e6
                                                                                                                                          • Opcode Fuzzy Hash: b816cce6a458e89fcf53fee749d8c32ce1994f3315a793b637e173ebe03c2885
                                                                                                                                          • Instruction Fuzzy Hash: 2A317E72D00629AFCFE0FFA8AC40AADB775FB04764F10522AE9257E2C0C3745940CBA4
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                          • Opcode ID: 79f96e681428c61490e3f9a43fa5a00ed415c84dd7fa4ee906c555d4829d536b
                                                                                                                                          • Instruction ID: 94a76ae63ecc1e93763b534c03b6c13d99cd1429eb109210f2013d9810930f94
                                                                                                                                          • Opcode Fuzzy Hash: 79f96e681428c61490e3f9a43fa5a00ed415c84dd7fa4ee906c555d4829d536b
                                                                                                                                          • Instruction Fuzzy Hash: 05415C74D24209EFDF45CF98C885BADBBB5FF09305F1484A9E812AB651C334AA90CF64
                                                                                                                                          APIs
                                                                                                                                          • CreateThread.KERNEL32(?,?,Function_00009DA0,00000000,?,?), ref: 0B079E32
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                          • Opcode ID: 25575afafb42d9ab1e8b8264a0e0ac524f33d6bba315023ff34b3ec13a4aad63
                                                                                                                                          • Instruction ID: 9cbdf979e5f578cc78c60052d5a0c14e21aa05a0fe6d9f3fad01cf2f6e1e2757
                                                                                                                                          • Opcode Fuzzy Hash: 25575afafb42d9ab1e8b8264a0e0ac524f33d6bba315023ff34b3ec13a4aad63
                                                                                                                                          • Instruction Fuzzy Hash: 10014F72F45254AFCB55EB9CD884A8EFBECEB49260F108166F509DB350D671DD00C7A8
                                                                                                                                          APIs
                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,0B540FA7,?,?,?,?,?,0B541261), ref: 0B540F55
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InformationTimeZone
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 565725191-0
                                                                                                                                          • Opcode ID: a3834da1c6b6b5d8f8b00fba195601a5ff43a193e67a640885546b5dfa924f45
                                                                                                                                          • Instruction ID: ad19c7f74bc50daa44ea479de9ccc25e6abfc40cd31103da48a37230c627ff36
                                                                                                                                          • Opcode Fuzzy Hash: a3834da1c6b6b5d8f8b00fba195601a5ff43a193e67a640885546b5dfa924f45
                                                                                                                                          • Instruction Fuzzy Hash: 3501F27182864CFFEB104F25E845EA9FB7CFB85724F2544F2EA4891180DB3187A0CA56
                                                                                                                                          APIs
                                                                                                                                          • CreateWindowExW.USER32(00000000,00000000,00000005,00000000,00000000,00000032,00000032,00000000,00000000,00CF0000,00000005,00000005), ref: 0B0841CF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateWindow
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                          • Opcode ID: 30ccaef52477435eed548c0763da4f26b386d8ff045cabf3a34f01c073c1b5fe
                                                                                                                                          • Instruction ID: 891d5924a34adbb11765761994b047f2719453fb9e245b30937e450fdaa4ccea
                                                                                                                                          • Opcode Fuzzy Hash: 30ccaef52477435eed548c0763da4f26b386d8ff045cabf3a34f01c073c1b5fe
                                                                                                                                          • Instruction Fuzzy Hash: 62F07FB2700118AF9B84EE9DDC81EDBB7ECEB4C2A0B054165BA08D3300D634ED118BA4
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectReader@@Reader@io@dami@@VirtualWindowed
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 764992150-0
                                                                                                                                          • Opcode ID: cc16c90bfc2a5863ff841efbbe077d5ce12934169558f728cbc5a8481c8cf2e8
                                                                                                                                          • Instruction ID: 4d0584f22d9a2e07f0ae08daa6a6b8c4111a0abf79e8a0476df83e498db054cd
                                                                                                                                          • Opcode Fuzzy Hash: cc16c90bfc2a5863ff841efbbe077d5ce12934169558f728cbc5a8481c8cf2e8
                                                                                                                                          • Instruction Fuzzy Hash: 3C01C071D01109EFCF58CF98C9818ECFBB5FF49315B14D15AE425AA261D735AA92CF10
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                          • Opcode ID: c2f245071cadc81bc93a2b92749fee197481b8958da0b601e4484b1b98c4ccf2
                                                                                                                                          • Instruction ID: 1c3a6011d297343bfae0912e39e1853a098d355d82f122b91a73dc80c24c29cb
                                                                                                                                          • Opcode Fuzzy Hash: c2f245071cadc81bc93a2b92749fee197481b8958da0b601e4484b1b98c4ccf2
                                                                                                                                          • Instruction Fuzzy Hash: 36F04930C24259EFCF859FA4C8486ECBBF0BF1A321F245686D012BA651C3744641CB70
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectReader@@Reader@io@dami@@VirtualWindowed
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 764992150-0
                                                                                                                                          • Opcode ID: 8554620a42186a36595ea0365764e7b5fdc0529af68c34e20e4aaa995a62fc7c
                                                                                                                                          • Instruction ID: 09dc193d592a83e8d12749a27c80375d158be9590dc0fce58d51d924599a4ca1
                                                                                                                                          • Opcode Fuzzy Hash: 8554620a42186a36595ea0365764e7b5fdc0529af68c34e20e4aaa995a62fc7c
                                                                                                                                          • Instruction Fuzzy Hash: 1501CC71C00109EFCF58CF98C9808ACFBB9FF4A205B14D15AE425AA261D735AA52CF10
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                          APIs
                                                                                                                                          • GetModuleFileNameW.KERNEL32(0B070000,?,0000020A), ref: 0B07D372
                                                                                                                                            • Part of subcall function 0B07E5C8: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0B07E682,?,0B070000,0B56CC1C), ref: 0B07E604
                                                                                                                                            • Part of subcall function 0B07E5C8: LoadLibraryExW.KERNEL32(00000000,00000000,00000002), ref: 0B07E655
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileModuleName$LibraryLoad
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4113206344-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          APIs
                                                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000,?,073145F0,00000001,?,?,?,07314769,?,?,?,07322490,0000000C,07314824), ref: 073156A1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                          APIs
                                                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000,?,069C5F3B,00000001,?,?,?,069C60B4,?,?,?,06A09B38,0000000C,069C616F), ref: 069CBDB9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          APIs
                                                                                                                                          • GetCurrentHwProfileA.ADVAPI32(00000000), ref: 0B54227D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          APIs
                                                                                                                                          • WSAEventSelect.WS2_32(?,00000000,00000020), ref: 0B46B799
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: EventSelect
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31538577-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000002,?), ref: 069910FD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 0699115C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                          APIs
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,0B075CCF,?,0B076274), ref: 0B0756CF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Sleep
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ___getlocaleinfo
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1937885557-0
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __invoke_watson_strcpy_s
                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?$T
                                                                                                                                          • API String ID: 3990783250-1230703744
                                                                                                                                          APIs
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00000000,0B53F2BC,?,?,?,00000000), ref: 0B53EF36
                                                                                                                                          • CryptImportKey.ADVAPI32(00000000,?,00000000,?,00000000,00000000,00000000,00000001,F0000000,00000000,0B53F2BC,?,?,?,00000000), ref: 0B53EF6C
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,0B53F28B,?,00000000,?,00000000,?,00000000,00000000,00000000,00000001), ref: 0B53EF96
                                                                                                                                          • CryptDecrypt.ADVAPI32(?,00000000,000000FF,00000000,00000000,00000080,?,?,?,00000000,00000000,00000018,F0000000,00000000,0B53F28B), ref: 0B53F05B
                                                                                                                                          • CryptImportKey.ADVAPI32(?,00000000,00000080,00000000,00000000,0B46A6AA,?,00000000,000000FF,00000000,00000000,00000080,?,?,?,00000000), ref: 0B53F07C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Crypt$AcquireContextImport$Decrypt
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3133234178-0
                                                                                                                                          APIs
                                                                                                                                          • ?readBENumber@io@dami@@YAIAAVID3_Reader@@I@Z.ID3LIB(?,00000002), ref: 069ABC3A
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?readNumber@io@dami@@Reader@@
                                                                                                                                          • String ID: X$g$i$n
                                                                                                                                          • API String ID: 502016455-164491756
                                                                                                                                          • Opcode ID: a5c4383ac41b279dd4fd6f01b3a33abf629e463005e42c9be5fc59ecc7d6b141
                                                                                                                                          • Instruction ID: 6d78081d5e0166ee983ed3637f648ecefecde48357c8dc700d9021132ea74df6
                                                                                                                                          • Opcode Fuzzy Hash: a5c4383ac41b279dd4fd6f01b3a33abf629e463005e42c9be5fc59ecc7d6b141
                                                                                                                                          • Instruction Fuzzy Hash: E9F1B1B0A08341CFD7A8CF18C4906AAB7E6FF99300F248A6ED19687659D735D945CBC2
                                                                                                                                          APIs
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069A1B9F
                                                                                                                                          • ?CreateIterator@ID3_Frame@@QBEPAVConstIterator@1@XZ.ID3LIB(00000000), ref: 069A1BAE
                                                                                                                                          • ?GetEncryptionID@ID3_Frame@@QBEEXZ.ID3LIB ref: 069A1C66
                                                                                                                                          • ?GetGroupingID@ID3_Frame@@QBEEXZ.ID3LIB ref: 069A1C78
                                                                                                                                          • ?GetCompression@ID3_Frame@@QBE_NXZ.ID3LIB(?), ref: 069A1C8A
                                                                                                                                          • ?GetSpec@ID3_Frame@@QBE?AW4ID3_V2Spec@@XZ.ID3LIB(?,?), ref: 069A1CA2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$Compression@ConstCreateEncryptionFrameGroupingIterator@Iterator@1@Spec@Spec@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4258984014-0
                                                                                                                                          • Opcode ID: df96dd6eb4e43b9d643ecd00b64b3367220a68c9d41ae45013f53127f75878c9
                                                                                                                                          • Instruction ID: ae0886a4dc550ac98a8bb2a55784787416413b750a406194bef48a505b8b4662
                                                                                                                                          • Opcode Fuzzy Hash: df96dd6eb4e43b9d643ecd00b64b3367220a68c9d41ae45013f53127f75878c9
                                                                                                                                          • Instruction Fuzzy Hash: B83192717047019F8BD4FF58885053EB3E9AFD4150F10492DD86687B56DB24EE49C7E2
                                                                                                                                          APIs
                                                                                                                                          • ?readBENumber@io@dami@@YAIAAVID3_Reader@@I@Z.ID3LIB(?,00000002), ref: 069ABC3A
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?readNumber@io@dami@@Reader@@
                                                                                                                                          • String ID: X$g$i$n
                                                                                                                                          • API String ID: 502016455-164491756
                                                                                                                                          • Opcode ID: d7475b973f917507ba766edf03e1c8325fdd6d03ac1f810184ff681913f30eb3
                                                                                                                                          • Instruction ID: 8c46253ada9a17c5ac8c35c58a1578b4005f03e94d963ed3b8bb4164efd6bf29
                                                                                                                                          • Opcode Fuzzy Hash: d7475b973f917507ba766edf03e1c8325fdd6d03ac1f810184ff681913f30eb3
                                                                                                                                          • Instruction Fuzzy Hash: 7AE1B0B0A08341CFD7A8CF18C490AAAB7E6FF99300F248A6ED1D687655D735D945CBC2
                                                                                                                                          APIs
                                                                                                                                          • ?readBENumber@io@dami@@YAIAAVID3_Reader@@I@Z.ID3LIB(?,00000002), ref: 069ABC3A
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?readNumber@io@dami@@Reader@@
                                                                                                                                          • String ID: X$g$i$n
                                                                                                                                          • API String ID: 502016455-164491756
                                                                                                                                          • Opcode ID: 48c5da84028ad41dff4337a154997b322ea179a6b354eef434fd5cd8b748df03
                                                                                                                                          • Instruction ID: 5e7bd8f309c74c811ee08fde8fba8347d1ad703030d6f42b16b16a8ee0670edc
                                                                                                                                          • Opcode Fuzzy Hash: 48c5da84028ad41dff4337a154997b322ea179a6b354eef434fd5cd8b748df03
                                                                                                                                          • Instruction Fuzzy Hash: 8DE1B0B0A08341CFD7A8CF18C490AAAB7E6FF99300F248A6ED1D587655D735D945CBC2
                                                                                                                                          APIs
                                                                                                                                          • GetVersion.KERNEL32 ref: 069AEDB8
                                                                                                                                          • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 069AEDE0
                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 069AEE05
                                                                                                                                          • SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 069AEE25
                                                                                                                                          • SetEndOfFile.KERNEL32(00000000), ref: 069AEE2C
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 069AEE33
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$Create$CloseHandlePointerVersion
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1502769585-0
                                                                                                                                          • Opcode ID: 0214c069a96fba4dc1110841af907044ee57345feaef8363ed75b71e98da9e50
                                                                                                                                          • Instruction ID: 3d0840081d0a17d6d0a1cc71cbac14c39ecc5ebc5bd6d1ba1e563aa505455088
                                                                                                                                          • Opcode Fuzzy Hash: 0214c069a96fba4dc1110841af907044ee57345feaef8363ed75b71e98da9e50
                                                                                                                                          • Instruction Fuzzy Hash: 0001A7B27812117BF37036BC6C0AFBA25599B82B75F250275FB11EA1C0D7506D0643F6
                                                                                                                                          APIs
                                                                                                                                          • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?,00000000,0B54018E,?,?,00000000,00000000,00000001,F0000000,00000000,0B54019F), ref: 0B54009E
                                                                                                                                          • CryptHashData.ADVAPI32(?,?,00000000,00000000,00000000,0B54016E,?,?,00008003,00000000,00000000,?,00000000,0B54018E,?,?), ref: 0B5400DE
                                                                                                                                          • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0B55EFDA,00000000,?,?,00000000,00000000,00000000,0B54016E,?,?,00008003,00000000,00000000), ref: 0B5400F5
                                                                                                                                          • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0B55EFDA,00000000), ref: 0B540128
                                                                                                                                          • CryptDestroyHash.ADVAPI32(?,0B540175,00000000,00000000,0B54016E,?,?,00008003,00000000,00000000,?,00000000,0B54018E,?,?,00000000), ref: 0B540168
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptHash$Param$CreateDataDestroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2828272217-0
                                                                                                                                          • Opcode ID: 70e680a3c103c1788a1245929f5693c710173e92a1739efa0ba4fd598d2989a1
                                                                                                                                          • Instruction ID: ce67c20c5131af7b7dfcca58b481465502e556c612a3a982b7b51520c5da96eb
                                                                                                                                          • Opcode Fuzzy Hash: 70e680a3c103c1788a1245929f5693c710173e92a1739efa0ba4fd598d2989a1
                                                                                                                                          • Instruction Fuzzy Hash: 66416171A043499FEB02DBA8DD55FBEBBB8FF0A704F180495E651EB291D774A900CB21
                                                                                                                                          APIs
                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 073169B9
                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 073169CE
                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(07321778), ref: 073169D9
                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 073169F5
                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 073169FC
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                          • Opcode ID: 5eb0ed29258f7c8dc51fd009b22a89a0c2b7da2c54f12b95bb77da0719233ed8
                                                                                                                                          • Instruction ID: e8a677c971c20b8aaf22bc65fcee0fc9ab9b167d6b9862456dc72608f63928ba
                                                                                                                                          • Opcode Fuzzy Hash: 5eb0ed29258f7c8dc51fd009b22a89a0c2b7da2c54f12b95bb77da0719233ed8
                                                                                                                                          • Instruction Fuzzy Hash: C521C0B8582304DFF724EF18F046A547BACFB08311F90509EE50987642E7BC5BA68F45
                                                                                                                                          APIs
                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 069CAAE7
                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 069CAAFC
                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(06A00C04), ref: 069CAB07
                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 069CAB23
                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 069CAB2A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                          • Opcode ID: 1dfae4666f10b2d39bed36c13bb5f6f7cfe97536c94305f6d34f33586241cb1a
                                                                                                                                          • Instruction ID: c9b1370e4a64c925948d1ec8652bc8ab5df0ac7b8f35645618ce6b871c1aa7d2
                                                                                                                                          • Opcode Fuzzy Hash: 1dfae4666f10b2d39bed36c13bb5f6f7cfe97536c94305f6d34f33586241cb1a
                                                                                                                                          • Instruction Fuzzy Hash: CF21DFB98502599FD754FF28F544A647BA6BF08360F11406AFF298F280E7B05D82CF0A
                                                                                                                                          APIs
                                                                                                                                          • IsValidLocale.KERNEL32(?,00000002,00000000,0B07D9DD,?,0B27530C,?,00000000), ref: 0B07D922
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,0B07D9DD,?,0B27530C,?,00000000), ref: 0B07D93E
                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,0B07D9DD,?,0B27530C,?,00000000), ref: 0B07D94F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Locale$Info$Valid
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1826331170-0
                                                                                                                                          • Opcode ID: 7ddac2280afea467a1ea3f81090d3e181cfd51d43affddb92a5741c6c11c19d5
                                                                                                                                          • Instruction ID: 1b80950d75c809b2253deb61e8059e5951db234ef639d7c36e9bbcbaefa38671
                                                                                                                                          • Opcode Fuzzy Hash: 7ddac2280afea467a1ea3f81090d3e181cfd51d43affddb92a5741c6c11c19d5
                                                                                                                                          • Instruction Fuzzy Hash: 94318DB0E8060CAEDB28EF54DC91BDEF7B6EF44700F1002E5D509A7290DA319E84CE68
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 0B2DCC60: CLSIDFromProgID.COMBASE(00000000,0B55EFDA), ref: 0B2DCC8D
                                                                                                                                          • CoCreateInstance.COMBASE(0B55EFDA,00000000,00000005,0B2DCF3C,00000000), ref: 0B2DCE8E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateFromInstanceProg
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2151042543-0
                                                                                                                                          • Opcode ID: daafa5121eaab774c877f694806ea5c07dc23a3185bdc1d6484429524b07dd3a
                                                                                                                                          • Instruction ID: 29ea81e77cd5bd0f5e9e064a123eba1327a84b2e2c6863f3efed51932919ed56
                                                                                                                                          • Opcode Fuzzy Hash: daafa5121eaab774c877f694806ea5c07dc23a3185bdc1d6484429524b07dd3a
                                                                                                                                          • Instruction Fuzzy Hash: 7001F170664704AFEB05EF64CCA3CABBBECEB0EA00B4244B9F900E2650E6745D10D974
                                                                                                                                          APIs
                                                                                                                                          • GetSystemInfo.KERNEL32(0B5B1AA0,00000000,0B4049A7,?,?,?,?,?,0B5528AA), ref: 0B40496C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                          • Opcode ID: 760d3a315774fd7c0003d50fb6630064d4cbe54e1425e5c4cd30c98906f46c0f
                                                                                                                                          • Instruction ID: b287174d2ba519f0fece5eb2b0fea3c6d5baf1175efd993699a7e130898ee136
                                                                                                                                          • Opcode Fuzzy Hash: 760d3a315774fd7c0003d50fb6630064d4cbe54e1425e5c4cd30c98906f46c0f
                                                                                                                                          • Instruction Fuzzy Hash: 56F022301283815DE7016775E4527193FF8EB13724F5010F6E944A1780CABC920AEBA5
                                                                                                                                          APIs
                                                                                                                                          • EnumSystemLocalesA.KERNEL32(Function_000449A8,00000001), ref: 069D4D62
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: EnumLocalesSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2099609381-0
                                                                                                                                          • Opcode ID: 307295de4a19e18083816981188cfea3cb69792ea27ac51efe3adf4d8e056986
                                                                                                                                          • Instruction ID: 19cb022abca77ae6881324f430cca6d3da472b88f1d8cd8ce4d1d7132e48d73a
                                                                                                                                          • Opcode Fuzzy Hash: 307295de4a19e18083816981188cfea3cb69792ea27ac51efe3adf4d8e056986
                                                                                                                                          • Instruction Fuzzy Hash: FDD0A734A207414BE7209F35C94972577D0FB51F04F50C928DA93959C0C7749845C700
                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,0B53EA99,00000000,?,00000000,0B53EA92,?,?,00000000,00000000,00000018,F0000000,00000000,0B53EAA3), ref: 0B53EA8C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          • Opcode ID: 38546414470cb10544751c089a0f25b1b054af095807a97e4c310f9651917b43
                                                                                                                                          • Instruction ID: d83445542d24c6c435c920426f383436bf623a017e270e1f802db53cb443137f
                                                                                                                                          • Opcode Fuzzy Hash: 38546414470cb10544751c089a0f25b1b054af095807a97e4c310f9651917b43
                                                                                                                                          • Instruction Fuzzy Hash: 89C09B7674C3456DF705E6E46927B2D67D4F7C4F10FA144A5F104D6780D56558004574
                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,0B53EA3D,00000000,?,00000000,0B53EA32,?,?,00000000,00000000,00000001,F0000000,?,?,00006610), ref: 0B53EA2C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          • Opcode ID: 2f8b49d3a369b2f488dd9c9f1d88562a22a220e89aae8610f09c4edfdaa287d0
                                                                                                                                          • Instruction ID: 5ed391c269c85182a5e4fa368de36554929690c0fb01bbee6d6ca6dac5ba18db
                                                                                                                                          • Opcode Fuzzy Hash: 2f8b49d3a369b2f488dd9c9f1d88562a22a220e89aae8610f09c4edfdaa287d0
                                                                                                                                          • Instruction Fuzzy Hash: B5C09B7674C344DDFB05E6E46C27F6D63D4F7C8F10F9544A5F100D6680D56998004534
                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000,0B53EE4D,?,00000000,00000000,00000000,00000001,F0000000,00000000,0B53EE64,?,?,00006610,?,00000000), ref: 0B53EE40
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,0B53EEA9,00000000,?,00000000,0B53EEA2,?,?,00000000,00000000,00000018,F0000000,00000000,0B53EEB3), ref: 0B53EE9C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,0B540971,00000000,?,00000000,0B54096A,?,?,00000000,00000000,00000018,F0000000,00000000,0B54097B), ref: 0B540964
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          APIs
                                                                                                                                          • CryptDestroyHash.ADVAPI32(?,0B53EA79,00000000,00000000,0B53EA72,?,?,00008003,00000000,00000000,?,00000000,0B53EA92,?,?,00000000), ref: 0B53EA6C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDestroyHash
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 174375392-0
                                                                                                                                          APIs
                                                                                                                                          • CryptDestroyKey.ADVAPI32(?,0B53EE6B,00000001,F0000000,00000000,0B53EE64,?,?,00006610,?,00000000,?,?,?,00000000,00000000), ref: 0B53EE5E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDestroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1712904745-0
                                                                                                                                          APIs
                                                                                                                                          • CryptDestroyHash.ADVAPI32(?,0B53EE89,00000000,00000000,0B53EE82,?,?,00008003,00000000,00000000,?,00000000,0B53EEA2,?,?,00000000), ref: 0B53EE7C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDestroyHash
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 174375392-0
                                                                                                                                          APIs
                                                                                                                                          • CryptDestroyKey.ADVAPI32(?,0B53EE2D), ref: 0B53EE20
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDestroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1712904745-0
                                                                                                                                          APIs
                                                                                                                                          • CryptDestroyKey.ADVAPI32(0B46A0E6,0B53EA5B,00000000,00000000,?,00000000,?,?,00006610,?,00000000,0B46A0E6,?,0B46A186,00000000,00000000), ref: 0B53EA4E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDestroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1712904745-0
                                                                                                                                          APIs
                                                                                                                                          • CryptDestroyHash.ADVAPI32(?,0B540951,00000000,00000000,?,00000000,0B54096A,?,?,00000000,00000000,00000018,F0000000,00000000,0B54097B), ref: 0B540944
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDestroyHash
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 174375392-0
                                                                                                                                          • Opcode ID: 2149952e8f0354abfa074ac3900319f5bea00ffeb290e9bcfdb62816c2968263
                                                                                                                                          • Instruction ID: 864a0f5c0c2d10e9b4c23c50b5d8e631f329c388b2e67d083b095fc5bb092077
                                                                                                                                          • Opcode Fuzzy Hash: 2149952e8f0354abfa074ac3900319f5bea00ffeb290e9bcfdb62816c2968263
                                                                                                                                          • Instruction Fuzzy Hash: 63B09B7760C2015EB705D7D5682547D63D4F7C57143A548A5E554C3540D57594004524
                                                                                                                                          APIs
                                                                                                                                          • CryptDestroyKey.ADVAPI32(?,0B53E9FB,00000000,00000000,?,00000000,0B53E9F4,?,?,?,00000000,?,?,00008003,00000000,00000000), ref: 0B53E9EE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDestroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1712904745-0
                                                                                                                                          • Opcode ID: 6a9ce747800eadb53bd837d19dd345f686aea1fd6bbcf06ae0d5d7b6b3f44005
                                                                                                                                          • Instruction ID: 5d2dcfed9df3f8972ef01bc911d6011d8ddd7cd9c426d142b796bd3dbdd90c17
                                                                                                                                          • Opcode Fuzzy Hash: 6a9ce747800eadb53bd837d19dd345f686aea1fd6bbcf06ae0d5d7b6b3f44005
                                                                                                                                          • Instruction Fuzzy Hash: 27B09B7760C6405E7705DBD5A56245C73D4F7C9B103A144E5E040D3640D525DC014634
                                                                                                                                          APIs
                                                                                                                                          • CryptDestroyHash.ADVAPI32(?,0B53EA19,00000000,00000000,0B53EA12,?,?,00008003,00000000,00000000,?,00000000,0B53EA32,?,?,00000000), ref: 0B53EA0C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CryptDestroyHash
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 174375392-0
                                                                                                                                          • Opcode ID: 6a8ee4b93a470e03204634b6dd60e62dc9d9b62f3c871f0b762ada506bde5f4b
                                                                                                                                          • Instruction ID: 49485d62bf6ad4f38bc5e610949545f6f1cdcfefc6a2ccf6fc3ac70f647911f4
                                                                                                                                          • Opcode Fuzzy Hash: 6a8ee4b93a470e03204634b6dd60e62dc9d9b62f3c871f0b762ada506bde5f4b
                                                                                                                                          • Instruction Fuzzy Hash: 8EB09B7660C2009E770597D5781649C67D4F7C9B207D544A6E000D3740D52594108534
                                                                                                                                          APIs
                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 069DD761
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoLocale
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                          • Opcode ID: 0e20253e0ea323c4a2b5508a292b095881c0b894e971e7ce8d6bc15dc8c5268f
                                                                                                                                          • Instruction ID: b30f3460de5635f224dde3c91470930a7f6f829e61a89d14e28636bfe2e1e55c
                                                                                                                                          • Opcode Fuzzy Hash: 0e20253e0ea323c4a2b5508a292b095881c0b894e971e7ce8d6bc15dc8c5268f
                                                                                                                                          • Instruction Fuzzy Hash: FCC0023604024DBB8F125F85EC0489A7F2BFB88661B054050FA180542087329971AB51
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a63d3c466d3e42b85c86520cd87c58e68f737ae20daf262b56b23d60a3bd7e5b
                                                                                                                                          • Instruction ID: 5f39eeb1ad0129b57bd9a991bca13261e9cc0b1b526de65af473d137fdab2eab
                                                                                                                                          • Opcode Fuzzy Hash: a63d3c466d3e42b85c86520cd87c58e68f737ae20daf262b56b23d60a3bd7e5b
                                                                                                                                          • Instruction Fuzzy Hash: 09624AB5A047018FC758CF18C990A6ABBF5FFC9310F108A2EE99A87B55D731E845CB52
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 07396eee454c85584817cf15b8c0d006d29891ab31e0bab80244d1fd90dbd4d6
                                                                                                                                          • Instruction ID: 3f0925030ef1b8fab9d4c64b532ce9cd5bba6991596075ab3099bf3835ba5a8d
                                                                                                                                          • Opcode Fuzzy Hash: 07396eee454c85584817cf15b8c0d006d29891ab31e0bab80244d1fd90dbd4d6
                                                                                                                                          • Instruction Fuzzy Hash: 7B121832B082554FD758DE2CC49026EBBE2EBC8354F154A3EE99AD7744DA30E949CBC4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e7dbbe3ed15fd1a9dcdeb91ddc743f9ab1c55de9b3bbe1750642caa81e574c68
                                                                                                                                          • Instruction ID: a06879069375c15a28e063a4240e3edd75ad6ea0f3d63bd24cde16f12b4d1f10
                                                                                                                                          • Opcode Fuzzy Hash: e7dbbe3ed15fd1a9dcdeb91ddc743f9ab1c55de9b3bbe1750642caa81e574c68
                                                                                                                                          • Instruction Fuzzy Hash: 9A02CE33C59BB34B8BB14EF944E05267AA45E015A072FC7F9DCC03FA96C216DD0996E0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Instruction ID: 8d0ba74fba93fa3e303e2c6cde1010a33bee1634f74b3b2b9f3c8de28f310786
                                                                                                                                          • Opcode Fuzzy Hash: 6ca19510662a14601693196536f1ef289a4a486fca9ebba11816d8b0062e9372
                                                                                                                                          • Instruction Fuzzy Hash: 16E13E356582874FC314CF29E8A056BFBE3BBCE220F4E4A7DA69997342C634E515DB40
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e37207356ef14b0ae6e8a5c493cd6e2b4a2375993ce450d52b9bc849093b2c65
                                                                                                                                          • Instruction ID: c17e56f95b1bed1c18a44883987484517c6864363194d748901a06f3a3786546
                                                                                                                                          • Opcode Fuzzy Hash: e37207356ef14b0ae6e8a5c493cd6e2b4a2375993ce450d52b9bc849093b2c65
                                                                                                                                          • Instruction Fuzzy Hash: B6813D77D105774BE7628E29D8043A17392AFCC3DDF6B42B4ED04ABA42D935BD538680
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a77072a49f8cd2e47e8b7552994e152db14fa8c2a0e4ee3bc2703f570904c64e
                                                                                                                                          • Instruction ID: d58d9e28383c1c4174f7faf7fdf4fd083a9f4722c66f36377b74745794273f95
                                                                                                                                          • Opcode Fuzzy Hash: a77072a49f8cd2e47e8b7552994e152db14fa8c2a0e4ee3bc2703f570904c64e
                                                                                                                                          • Instruction Fuzzy Hash: F741F972B60A2B0AB30C8E699CD5196ABC7D7D93A1748833CD7A9C3785C8FCC403D254
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8adb291bcee28059d079dcb952bebbcdf89163e20ba3cf40e22ab2e2bd513859
                                                                                                                                          • Instruction ID: b94e3e7cf74c96e4b63f68a6815cba9c15b83a95ffac8677557eca6cbe5f04ea
                                                                                                                                          • Opcode Fuzzy Hash: 8adb291bcee28059d079dcb952bebbcdf89163e20ba3cf40e22ab2e2bd513859
                                                                                                                                          • Instruction Fuzzy Hash: AE31B371B042674BD348CF2A8C906ABBBE2BFCD120F4D867DD589DB346D6349419A790
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2570fe53766e5b16e8c3802f068a27b85afbc6a1081955d22cc84a0aab1b5220
                                                                                                                                          • Instruction ID: 656d40fa1e544a20f79cbc129afa656a0972b22afac72f4abec861fd63e8f4a0
                                                                                                                                          • Opcode Fuzzy Hash: 2570fe53766e5b16e8c3802f068a27b85afbc6a1081955d22cc84a0aab1b5220
                                                                                                                                          • Instruction Fuzzy Hash: 2331C270E00648EFDB04DF6AD585B99F7F2AF98200F6981F5D44C9B361E7319E01AB45
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: baddef56dac9ef20e7a99c3c6dbad97a93b931562fd711be35f32ef35676a501
                                                                                                                                          • Instruction ID: 3f385991fe3160a7822c6a411ebadee095a331c250eb04ebe93c8efec3405443
                                                                                                                                          • Opcode Fuzzy Hash: baddef56dac9ef20e7a99c3c6dbad97a93b931562fd711be35f32ef35676a501
                                                                                                                                          • Instruction Fuzzy Hash: B6117F3BA1A5314BD3228F19E840586739AFBD872CF5641B8D815ABB05C232FC53C7C0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a99b5e73a69ccda19f01f751944a2b68a188fe431d13cb7cea71f80829aa74ed
                                                                                                                                          • Instruction ID: e45111571e04ab94d9c174598fa5ebb4179925c96b7c79e998dca471466c64fc
                                                                                                                                          • Opcode Fuzzy Hash: a99b5e73a69ccda19f01f751944a2b68a188fe431d13cb7cea71f80829aa74ed
                                                                                                                                          • Instruction Fuzzy Hash: 4B114F74A00109EFCB48CF88D591ABDBBB5BF48358F204089E906AB751C735AE51CBA4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 53511f50f7c82b27f90a1494e38eec0442d102f6c8d2f5ae459a6146a687727f
                                                                                                                                          • Instruction ID: 8166d1bc2c0ac38dc7487e53934f63121a5422d7dd24c2f2efca163f99991236
                                                                                                                                          • Opcode Fuzzy Hash: 53511f50f7c82b27f90a1494e38eec0442d102f6c8d2f5ae459a6146a687727f
                                                                                                                                          • Instruction Fuzzy Hash: 99F067B5A04209DF8B09CF99D48189EFBF5FF49310B1081A9EC1997350D731AA51CF95
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0ed8ce5f724a8f3b740806af0d0d4883c38120e5d8466a9795e6ed993ba1db4c
                                                                                                                                          • Instruction ID: f5f73a38b46317669512eb939862a68cbed65a74e4d17674f1d17abd1a09005a
                                                                                                                                          • Opcode Fuzzy Hash: 0ed8ce5f724a8f3b740806af0d0d4883c38120e5d8466a9795e6ed993ba1db4c
                                                                                                                                          • Instruction Fuzzy Hash: DFC04C70821218FACF55AF65850469D77A59B06310F108455942417451D2768745EA50
                                                                                                                                          APIs
                                                                                                                                          • _memset.LIBCMT ref: 07312D74
                                                                                                                                          • _sprintf.LIBCMT ref: 07312D8B
                                                                                                                                          • OutputDebugStringA.KERNEL32(?,?,?,00000000,000003FF), ref: 07312D9E
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,00000000,000003FF), ref: 07312DC9
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 1 ,?,?,?,00000000,000003FF), ref: 07312DD4
                                                                                                                                          • SDL_PushEvent.SDL2 ref: 07312DFE
                                                                                                                                          • SDL_PushEvent.SDL2(?,?,?,?,00000000,000003FF), ref: 07312E15
                                                                                                                                          • Sleep.KERNEL32(0000000A,?,?,?,?,00000000,000003FF), ref: 07312E1F
                                                                                                                                          • SDL_WaitThread.SDL2(?,00000000,?,?,?,00000000,000003FF), ref: 07312E2E
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 1.3 ,?,?,?,?,?,00000000,000003FF), ref: 07312E3B
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 2 ,?,?,?,00000000,000003FF), ref: 07312E42
                                                                                                                                          • OutputDebugStringA.KERNEL32 ref: 07312E56
                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 07312E6A
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 2.2 ), ref: 07312E8C
                                                                                                                                          • SDL_WaitThread.SDL2(?,00000000), ref: 07312E9B
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 3 ,?,?,?,00000000,000003FF), ref: 07312EA8
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 4 ,?,?,?,00000000,000003FF), ref: 07312EB8
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 5 ,?,?,?,00000000,000003FF), ref: 07312ED5
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 6 ,?,?,?,00000000,000003FF), ref: 07312EF5
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 7 ,?,?,?,00000000,000003FF), ref: 07312EFC
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 7.1 ,?,?,?,00000000,000003FF), ref: 07312F08
                                                                                                                                          • #207.CPKERNEL(?,?,?,?,00000000,000003FF), ref: 07312F0D
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 7.2 ,?,?,?,00000000,000003FF), ref: 07312F1A
                                                                                                                                          • #208.CPKERNEL(?,?,?,?,00000000,000003FF), ref: 07312F1F
                                                                                                                                          Strings
                                                                                                                                          • NdfPlayer_Close OUT 11 , xrefs: 07312F77
                                                                                                                                          • NdfPlayer_Close OUT 7.1 , xrefs: 07312F03
                                                                                                                                          • NdfPlayer_Close OUT 17 , xrefs: 07313064
                                                                                                                                          • NdfPlayer_Close OUT 12 , xrefs: 07312FE8
                                                                                                                                          • NdfPlayer_Close OUT , xrefs: 0731307D
                                                                                                                                          • NdfPlayer_Close IN pPlayerCtx:%d g_nObjCount:%d, xrefs: 07312D85
                                                                                                                                          • NdfPlayer_Close OUT 1 , xrefs: 07312DCF
                                                                                                                                          • NdfPlayer_Close OUT 4 , xrefs: 07312EB3
                                                                                                                                          • NdfPlayer_Close OUT 15 , xrefs: 07313022
                                                                                                                                          • NdfPlayer_Close OUT 1.3 , xrefs: 07312E36
                                                                                                                                          • NdfPlayer_Close OUT 7.3 , xrefs: 07312F27
                                                                                                                                          • NdfPlayer_Close OUT 7 , xrefs: 07312EF7
                                                                                                                                          • NdfPlayer_Close OUT 9 , xrefs: 07312F49
                                                                                                                                          • NdfPlayer_Close OUT 10 , xrefs: 07312F60
                                                                                                                                          • NdfPlayer_Close OUT 8 , xrefs: 07312F32
                                                                                                                                          • NdfPlayer_Close OUT 2.1 , xrefs: 07312E49
                                                                                                                                          • NdfPlayer_Close OUT 5 , xrefs: 07312ED0
                                                                                                                                          • NdfPlayer_Close OUT 2.2 , xrefs: 07312E87
                                                                                                                                          • NdfPlayer_Close OUT 16 , xrefs: 0731303D
                                                                                                                                          • NdfPlayer_Close OUT 13 , xrefs: 07312FF5
                                                                                                                                          • NdfPlayer_Close OUT 3 , xrefs: 07312EA3
                                                                                                                                          • NdfPlayer_Close OUT 7.2 , xrefs: 07312F15
                                                                                                                                          • SDL_AUDIO_STOPPED != SDL_GetAudioStatus , xrefs: 07313016
                                                                                                                                          • NdfPlayer_Close OUT 2 , xrefs: 07312E3D
                                                                                                                                          • NdfPlayer_Close OUT 2.1 try 300 , xrefs: 07312E78
                                                                                                                                          • NdfPlayer_Close OUT 14 , xrefs: 07313006
                                                                                                                                          • NdfPlayer_Close OUT 6 , xrefs: 07312EE6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString$EventPushSleepThreadWait$#207#208CriticalEnterSection_memset_sprintf
                                                                                                                                          • String ID: NdfPlayer_Close IN pPlayerCtx:%d g_nObjCount:%d$NdfPlayer_Close OUT $NdfPlayer_Close OUT 1 $NdfPlayer_Close OUT 1.3 $NdfPlayer_Close OUT 10 $NdfPlayer_Close OUT 11 $NdfPlayer_Close OUT 12 $NdfPlayer_Close OUT 13 $NdfPlayer_Close OUT 14 $NdfPlayer_Close OUT 15 $NdfPlayer_Close OUT 16 $NdfPlayer_Close OUT 17 $NdfPlayer_Close OUT 2 $NdfPlayer_Close OUT 2.1 $NdfPlayer_Close OUT 2.1 try 300 $NdfPlayer_Close OUT 2.2 $NdfPlayer_Close OUT 3 $NdfPlayer_Close OUT 4 $NdfPlayer_Close OUT 5 $NdfPlayer_Close OUT 6 $NdfPlayer_Close OUT 7 $NdfPlayer_Close OUT 7.1 $NdfPlayer_Close OUT 7.2 $NdfPlayer_Close OUT 7.3 $NdfPlayer_Close OUT 8 $NdfPlayer_Close OUT 9 $SDL_AUDIO_STOPPED != SDL_GetAudioStatus
                                                                                                                                          • API String ID: 1247021295-132910896
                                                                                                                                          • Opcode ID: e72e1c9f8a9016dfd10474d67dbd805af99877789d42de0a5d6159bf93219f73
                                                                                                                                          • Instruction ID: cfdd01c1b9f357e7aad3a932b77ae2a6e220c6b7ede0d913854579a0bd72d985
                                                                                                                                          • Opcode Fuzzy Hash: e72e1c9f8a9016dfd10474d67dbd805af99877789d42de0a5d6159bf93219f73
                                                                                                                                          • Instruction Fuzzy Hash: FA8191F1A403059BF628FBB5DC45B6BB3D8BF90714F05482DE48E92150EAB4E049DB63
                                                                                                                                          APIs
                                                                                                                                          • _memset.LIBCMT ref: 07313477
                                                                                                                                          • _sprintf.LIBCMT ref: 0731385C
                                                                                                                                            • Part of subcall function 073133E0: GetProcessHeap.KERNEL32(00000008,?,00000000,?,073134CA,00002000,0000000A,00000000), ref: 073133F3
                                                                                                                                            • Part of subcall function 073133E0: HeapAlloc.KERNEL32(00000000), ref: 073133FA
                                                                                                                                            • Part of subcall function 073133E0: ExitProcess.KERNEL32 ref: 07313406
                                                                                                                                          • _memset.LIBCMT ref: 07313549
                                                                                                                                          • _memset.LIBCMT ref: 07313565
                                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000400,000003FF,?,00000000,000007FE,75919350,?), ref: 07313584
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000400,00000000,00000000), ref: 073135AF
                                                                                                                                          • _sprintf.LIBCMT ref: 073135C6
                                                                                                                                          • waveOutGetNumDevs.WINMM ref: 073135CE
                                                                                                                                          • _sprintf.LIBCMT ref: 073135E4
                                                                                                                                          • _memset.LIBCMT ref: 07313605
                                                                                                                                          • _memset.LIBCMT ref: 07313621
                                                                                                                                          • waveOutGetDevCapsW.WINMM(00000000,?,00000054,?,00000000,000003FF,?,00000000,00000052), ref: 07313631
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000400,00000000,00000000), ref: 07313653
                                                                                                                                          • _sprintf.LIBCMT ref: 0731366B
                                                                                                                                          • __wcsicoll.LIBCMT ref: 0731367D
                                                                                                                                          • _sprintf.LIBCMT ref: 073136CB
                                                                                                                                          • waveOutOpen.WINMM(?,?,?,07313380,0000000A,00030000,75919350,?), ref: 073136EF
                                                                                                                                          • _sprintf.LIBCMT ref: 07313710
                                                                                                                                          • waveOutGetNumDevs.WINMM ref: 07313736
                                                                                                                                          • waveOutGetErrorTextA.WINMM(00000000,?,00000800), ref: 0731374C
                                                                                                                                          • _sprintf.LIBCMT ref: 07313761
                                                                                                                                          • _memset.LIBCMT ref: 0731377F
                                                                                                                                          • waveOutGetDevCapsA.WINMM(00000000,?,00000034), ref: 0731378F
                                                                                                                                          • _sprintf.LIBCMT ref: 073137B3
                                                                                                                                          • waveOutOpen.WINMM(?,00000000,?,07313380,0000000A,00030000), ref: 073137DA
                                                                                                                                          • waveOutGetErrorTextA.WINMM(00000000,?,00000800), ref: 073137F9
                                                                                                                                          • _sprintf.LIBCMT ref: 0731380D
                                                                                                                                          • _sprintf.LIBCMT ref: 07313835
                                                                                                                                          Strings
                                                                                                                                          • apiOpenAudioDecive wcsstr finded index:%d, xrefs: 073136BE
                                                                                                                                          • apiOpenAudioDecive wcsicmp finded index:%d, xrefs: 073136AE
                                                                                                                                          • apiOpenAudioDecive device:%d szPname:%s dwFormats:%d wChannels:%d, xrefs: 073137AD
                                                                                                                                          • apiOpenAudioDecive szAudioDevName:%s, xrefs: 073135C0
                                                                                                                                          • .\waveout.c, xrefs: 07313847
                                                                                                                                          • apiOpenAudioDecive AudioDevList index:%d Name:%s, xrefs: 07313665
                                                                                                                                          • apiOpenAudioDecive invalid params! Frequency:%d BitsPerSample:%d Channel:%d file:%s line :%d , xrefs: 07313856
                                                                                                                                          • apiOpenAudioDecive nWaveOutDevs:%d, xrefs: 073135DE
                                                                                                                                          • apiOpenAudioDecive unable to open WAVE_MAPPER device. hr:%d, xrefs: 07313807
                                                                                                                                          • apiOpenAudioDecive open suc! channels:%d samples:%d , xrefs: 0731370A
                                                                                                                                          • apiOpenAudioDecive open suc! device:%d channels:%d samples:%d , xrefs: 0731382F
                                                                                                                                          • apiOpenAudioDecive unable to open WAVE_MAPPER device. hr:%d nWaveOutDevs:%d, xrefs: 0731375B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _sprintf$wave$_memset$ByteCharMultiWide$CapsDevsErrorHeapOpenProcessText$AllocExit__wcsicoll
                                                                                                                                          • String ID: .\waveout.c$apiOpenAudioDecive AudioDevList index:%d Name:%s$apiOpenAudioDecive device:%d szPname:%s dwFormats:%d wChannels:%d$apiOpenAudioDecive invalid params! Frequency:%d BitsPerSample:%d Channel:%d file:%s line :%d $apiOpenAudioDecive nWaveOutDevs:%d$apiOpenAudioDecive open suc! channels:%d samples:%d $apiOpenAudioDecive open suc! device:%d channels:%d samples:%d $apiOpenAudioDecive szAudioDevName:%s$apiOpenAudioDecive unable to open WAVE_MAPPER device. hr:%d$apiOpenAudioDecive unable to open WAVE_MAPPER device. hr:%d nWaveOutDevs:%d$apiOpenAudioDecive wcsicmp finded index:%d$apiOpenAudioDecive wcsstr finded index:%d
                                                                                                                                          • API String ID: 3220406319-4218649348
                                                                                                                                          • Opcode ID: 94c56ea15231fe98efa2f458e8dfffa9b87e6b8c141eeeb7f8eb73064fbad144
                                                                                                                                          • Instruction ID: 4587723199ff5f8b60b02f51be7384733571087743cb69e4d421dddea2db0daa
                                                                                                                                          • Opcode Fuzzy Hash: 94c56ea15231fe98efa2f458e8dfffa9b87e6b8c141eeeb7f8eb73064fbad144
                                                                                                                                          • Instruction Fuzzy Hash: E8B153F5248345AEF3389B54CC81FA773EDAFC9700F044A1DFA8D86581EAB4A5098767
                                                                                                                                          APIs
                                                                                                                                          • _memset.LIBCMT ref: 0731254C
                                                                                                                                          • _memset.LIBCMT ref: 07312562
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_OpenFile IN NULL PATH,?,00000000,000003FF), ref: 07312596
                                                                                                                                          • _sprintf.LIBCMT ref: 073125AB
                                                                                                                                          • OutputDebugStringA.KERNEL32(?), ref: 073125BB
                                                                                                                                            • Part of subcall function 073121F0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,75919350,?,0731258C), ref: 0731220C
                                                                                                                                            • Part of subcall function 073121F0: _malloc.LIBCMT ref: 07312214
                                                                                                                                            • Part of subcall function 073121F0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,00000000,000003FF), ref: 0731222A
                                                                                                                                            • Part of subcall function 073121F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 07312241
                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0731260B
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_OpenFile 4 ), ref: 07312616
                                                                                                                                          • #202.CPKERNEL(?,?), ref: 0731261C
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_OpenFile 5 ), ref: 07312633
                                                                                                                                          • #203.CPKERNEL(?,?,?), ref: 07312640
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_OpenFile 6 ), ref: 07312657
                                                                                                                                          • #201.CPKERNEL(00000000,00000000,07311270,000003EB,?), ref: 07312668
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_OpenFile 7 ), ref: 0731267F
                                                                                                                                          • #222.CPKERNEL ref: 073126A5
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_OpenFile 8 ), ref: 073126CC
                                                                                                                                          • GetClientRect.USER32(?,?), ref: 073126F2
                                                                                                                                          • SDL_GetCurrentAudioDriver.SDL2 ref: 0731273C
                                                                                                                                          • SDL_AudioInit.SDL2(00000000), ref: 07312746
                                                                                                                                          • OutputDebugStringA.KERNEL32 ref: 07312785
                                                                                                                                          • SDL_OpenAudio.SDL2(0000AC44,?), ref: 07312791
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_OpenFile 13 ,?,?,?,?,?,?,NdfPlayer_OpenFile 12 ), ref: 073127A9
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_OpenFile OUT ), ref: 073127B0
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 073127B7
                                                                                                                                          • OutputDebugStringA.KERNEL32(SDL_OpenAudio Failed ,?,NdfPlayer_OpenFile 12 ), ref: 073127DD
                                                                                                                                          • #201.CPKERNEL(00000000,07311240,07311270,000003EB,?,?,NdfPlayer_OpenFile 12 ), ref: 07312824
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0731283B
                                                                                                                                          • _sprintf.LIBCMT ref: 0731284F
                                                                                                                                          • OutputDebugStringA.KERNEL32(?), ref: 0731285F
                                                                                                                                          Strings
                                                                                                                                          • NdfPlayer_OpenFile IN pPlayerCtx:%d szFile:%s, xrefs: 073125A5
                                                                                                                                          • NdfPlayer_OpenFile 5 , xrefs: 0731262E
                                                                                                                                          • NdfPlayer_OpenFile 4 , xrefs: 07312611
                                                                                                                                          • NdfPlayer_OpenFile IN NULL PATH, xrefs: 07312591
                                                                                                                                          • NdfPlayer_OpenFile 12 , xrefs: 07312758
                                                                                                                                          • NdfPlayer_OpenFile OUT Failed: 0x%.8x , xrefs: 07312849
                                                                                                                                          • NdfPlayer_OpenFile OUT , xrefs: 073127AB
                                                                                                                                          • NdfPlayer_OpenFile 8 , xrefs: 073126B7
                                                                                                                                          • NdfPlayer_OpenFile 6 , xrefs: 07312652
                                                                                                                                          • SDL_OpenAudio Failed , xrefs: 073127D8
                                                                                                                                          • NdfPlayer_OpenFile 7 , xrefs: 0731267A
                                                                                                                                          • NdfPlayer_OpenFile 13 , xrefs: 073127A4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString$AudioByteCharCriticalMultiSectionWide$#201Leave_memset_sprintf$#202#203#222ClientCurrentDriverEnterInitOpenRect_malloc
                                                                                                                                          • String ID: NdfPlayer_OpenFile 12 $NdfPlayer_OpenFile 13 $NdfPlayer_OpenFile 4 $NdfPlayer_OpenFile 5 $NdfPlayer_OpenFile 6 $NdfPlayer_OpenFile 7 $NdfPlayer_OpenFile 8 $NdfPlayer_OpenFile IN NULL PATH$NdfPlayer_OpenFile IN pPlayerCtx:%d szFile:%s$NdfPlayer_OpenFile OUT $NdfPlayer_OpenFile OUT Failed: 0x%.8x $SDL_OpenAudio Failed
                                                                                                                                          • API String ID: 3429913720-3463787495
                                                                                                                                          • Opcode ID: cd55869f6989b27d06085b5229e341a98326e22dc5b0be4f3332724098a33b06
                                                                                                                                          • Instruction ID: ed5d67a7ad5ad9a7c52847179b0a0bfc953e97c466373a93d1c246b7cc357d45
                                                                                                                                          • Opcode Fuzzy Hash: cd55869f6989b27d06085b5229e341a98326e22dc5b0be4f3332724098a33b06
                                                                                                                                          • Instruction Fuzzy Hash: 9591FEF16047459BF328DB69DC42BABB7E8FF84710F004D1DE58D82241EA78E1498B97
                                                                                                                                          APIs
                                                                                                                                          • _memset.LIBCMT ref: 07311FD2
                                                                                                                                          • _memset.LIBCMT ref: 07311FE8
                                                                                                                                          • _sprintf.LIBCMT ref: 07312001
                                                                                                                                          • OutputDebugStringA.KERNEL32(?,?,?,?,00000000,000003FF), ref: 07312014
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Create OUT! More than one object!,?,?,?,00000000,000003FF), ref: 07312024
                                                                                                                                          • IsWindow.USER32(?), ref: 0731202E
                                                                                                                                          • #200.CPKERNEL(?,?,?,?,?,?,00000000,000003FF), ref: 07312042
                                                                                                                                          • #221.CPKERNEL(00000000,?,?,?,?,?,?,?,?,00000000,000003FF), ref: 07312061
                                                                                                                                          • SDL_LogSetAllPriority.SDL2(00000001,00000000,?,?,?,?,?,?,?,?,00000000,000003FF), ref: 07312068
                                                                                                                                          • SDL_LogSetOutputFunction.SDL2(07311000,00000000,00000001,00000000,?,?,?,?,?,?,?,?,00000000,000003FF), ref: 07312074
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Create 1 ,?,?,?,?,?,?,?,?,?,?,?,?,00000000,000003FF), ref: 07312081
                                                                                                                                          • SDL_Init.SDL2(00000030,?,?,?,?,?,?,?,?,?,?,?,?,00000000,000003FF), ref: 07312085
                                                                                                                                          • #208.CPKERNEL(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,000003FF), ref: 07312092
                                                                                                                                          Strings
                                                                                                                                          • NdfPlayer_Create OUT g_nObjCount:%d pPlayerCtx%d, xrefs: 07312186
                                                                                                                                          • NdfPlayer_Create OUT! More than one object!, xrefs: 0731201F
                                                                                                                                          • best, xrefs: 073120D2
                                                                                                                                          • NdfPlayer_Create IN g_nObjCount:%d, xrefs: 07311FFB
                                                                                                                                          • NdfPlayer_Create 1 , xrefs: 0731207C
                                                                                                                                          • SDL_RENDER_SCALE_QUALITY, xrefs: 073120D7
                                                                                                                                          • SDL_RENDER_VSYNC, xrefs: 073120C8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Output$DebugString$_memset$#200#208#221FunctionInitPriorityWindow_sprintf
                                                                                                                                          • String ID: NdfPlayer_Create 1 $NdfPlayer_Create IN g_nObjCount:%d$NdfPlayer_Create OUT g_nObjCount:%d pPlayerCtx%d$NdfPlayer_Create OUT! More than one object!$SDL_RENDER_SCALE_QUALITY$SDL_RENDER_VSYNC$best
                                                                                                                                          • API String ID: 1584787649-2552883227
                                                                                                                                          • Opcode ID: 667d47b117e0738715f2cb1896ed64fc186701d95fa1494b16bee3e0eb536e76
                                                                                                                                          • Instruction ID: 43a8a0263091cfcebef9950c81466688ff3862baf36434472d48056fa6484c81
                                                                                                                                          • Opcode Fuzzy Hash: 667d47b117e0738715f2cb1896ed64fc186701d95fa1494b16bee3e0eb536e76
                                                                                                                                          • Instruction Fuzzy Hash: 035198F1644340EBF238FB649C42F6BB398BF94B01F14451CF64DA7181EAB5A5058BAB
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: operator+$NameName::$Decorator::getName::operator+$ThisType$Name::operator|=Scope
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 398566123-0
                                                                                                                                          • Opcode ID: 2d5bf7b84ed8af2a0cf5ff79e0942b1d4427faedea3f07523eaa70a6b4610a4a
                                                                                                                                          • Instruction ID: 4d21f2fb45f2c9129a157f9dc70abe9f8da85cc9c3ab0cb0ab486c00e8d0e608
                                                                                                                                          • Opcode Fuzzy Hash: 2d5bf7b84ed8af2a0cf5ff79e0942b1d4427faedea3f07523eaa70a6b4610a4a
                                                                                                                                          • Instruction Fuzzy Hash: 4DB17EB6D00208EFDB90EFA4DC85AED77BCAB48310F54C47AE515EB690EA30DA45CB50
                                                                                                                                          APIs
                                                                                                                                          • SDL_DestroyTexture.SDL2(?,?,?,?,00000000,000003FF), ref: 07312FA1
                                                                                                                                          • #306.CPKERNEL(?,?,?,?,00000000,000003FF), ref: 07312FBA
                                                                                                                                          • SDL_DestroyWindow.SDL2(?,?,?,?,00000000,000003FF), ref: 07312FE0
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 12 ,?,?,?,00000000,000003FF), ref: 07312FED
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 13 ,?,?,?,00000000,000003FF), ref: 07312FFA
                                                                                                                                          • SDL_PauseAudio.SDL2(00000001,?,?,?,00000000,000003FF), ref: 07312FFE
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 14 ,?,?,?,00000000,000003FF), ref: 0731300B
                                                                                                                                          • SDL_GetAudioStatus.SDL2(?,?,?,00000000,000003FF), ref: 0731300D
                                                                                                                                          • OutputDebugStringA.KERNEL32(SDL_AUDIO_STOPPED != SDL_GetAudioStatus ,?,?,?,00000000,000003FF), ref: 0731301B
                                                                                                                                          • SDL_CloseAudio.SDL2(?,?,?,00000000,000003FF), ref: 0731301D
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 15 ,?,?,?,00000000,000003FF), ref: 07313027
                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,000003FF), ref: 07313036
                                                                                                                                          • SDL_Quit.SDL2(?,?,?,00000000,000003FF), ref: 07313038
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 16 ,?,?,?,00000000,000003FF), ref: 07313042
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,000003FF), ref: 0731305E
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT 17 ,?,?,?,00000000,000003FF), ref: 07313069
                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,000003FF), ref: 0731306C
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Close OUT ,?,?,?,00000000,000003FF), ref: 07313082
                                                                                                                                          Strings
                                                                                                                                          • SDL_AUDIO_STOPPED != SDL_GetAudioStatus , xrefs: 07313016
                                                                                                                                          • NdfPlayer_Close OUT 17 , xrefs: 07313064
                                                                                                                                          • NdfPlayer_Close OUT 12 , xrefs: 07312FE8
                                                                                                                                          • NdfPlayer_Close OUT 14 , xrefs: 07313006
                                                                                                                                          • NdfPlayer_Close OUT , xrefs: 0731307D
                                                                                                                                          • NdfPlayer_Close OUT 16 , xrefs: 0731303D
                                                                                                                                          • NdfPlayer_Close OUT 13 , xrefs: 07312FF5
                                                                                                                                          • NdfPlayer_Close OUT 15 , xrefs: 07313022
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString$AudioCriticalSection$DeleteDestroy$#306CloseLeavePauseQuitStatusTextureWindow
                                                                                                                                          • String ID: NdfPlayer_Close OUT $NdfPlayer_Close OUT 12 $NdfPlayer_Close OUT 13 $NdfPlayer_Close OUT 14 $NdfPlayer_Close OUT 15 $NdfPlayer_Close OUT 16 $NdfPlayer_Close OUT 17 $SDL_AUDIO_STOPPED != SDL_GetAudioStatus
                                                                                                                                          • API String ID: 3909804728-2029495034
                                                                                                                                          • Opcode ID: 277a3b18b9f954e79d56f7a54e7c51360b7b9d6123e38d7431a2463e5a801ff0
                                                                                                                                          • Instruction ID: 2a6aa4760aa685b48b98ed142113e8b890f2d83e3c7e9bf15d58bc58ab3dbe9d
                                                                                                                                          • Opcode Fuzzy Hash: 277a3b18b9f954e79d56f7a54e7c51360b7b9d6123e38d7431a2463e5a801ff0
                                                                                                                                          • Instruction Fuzzy Hash: 862190F57403059BF638FB75DC42F6BB398AF50214F048829E54E92241EA65E009DB63
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 2$8$8$>$>$@$@$F$H$O$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-4024472785
                                                                                                                                          • Opcode ID: 9049a0c65c640084520a11de9da6d67af619997d3cb0149c4c25897f9305908b
                                                                                                                                          • Instruction ID: 4e4b58605a53d75b91ce3f52a789416630c4465d80d056925472ed8a32577115
                                                                                                                                          • Opcode Fuzzy Hash: 9049a0c65c640084520a11de9da6d67af619997d3cb0149c4c25897f9305908b
                                                                                                                                          • Instruction Fuzzy Hash: 68D11A20D183D8DDEB21CBA8D8447DDBFB1AF16314F1442DAD198BB2D2C7B50A85CB66
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 2$8$8$>$>$@$@$F$H$O$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-4024472785
                                                                                                                                          • Opcode ID: 78f624f2278afd033045ce1e8d93e01839d269ddae6590af36fa13219b6a60f8
                                                                                                                                          • Instruction ID: 7640461e52d57fbda78f4be30c54bf7ed7f729539e0294703a31cdd3a30d6dda
                                                                                                                                          • Opcode Fuzzy Hash: 78f624f2278afd033045ce1e8d93e01839d269ddae6590af36fa13219b6a60f8
                                                                                                                                          • Instruction Fuzzy Hash: 00C10A20D183D8DDEB21CBA8D8447DDBFB1AF16314F1442DAE198BB2D2D7750A85CB26
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 2$8$>$>$@$@$F$H$O$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-3062723559
                                                                                                                                          • Opcode ID: b447629e7b32db5ec18955f06617108c680273c3dea9a3660af25d4fdf98dae1
                                                                                                                                          • Instruction ID: 02451725e2f7318bcd73c41dafe96c94ff94a1d4979f69aab5a25c04f1a5a7ce
                                                                                                                                          • Opcode Fuzzy Hash: b447629e7b32db5ec18955f06617108c680273c3dea9a3660af25d4fdf98dae1
                                                                                                                                          • Instruction Fuzzy Hash: C4B12920D183D8DDEF21CBA8D8447DDBBB1AF16314F1442DAE198AB2D1D7B50A85CB26
                                                                                                                                          APIs
                                                                                                                                          • _memset.LIBCMT ref: 07312C2E
                                                                                                                                          • _sprintf.LIBCMT ref: 07312C45
                                                                                                                                          • OutputDebugStringA.KERNEL32(?,?,?,?,?,000003FF), ref: 07312C58
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,000003FF), ref: 07312C89
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Stop 1,?,?,?,?,?,?,000003FF), ref: 07312C90
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Stop 2,?,?,?,?,?,?,000003FF), ref: 07312C9D
                                                                                                                                          • SDL_PauseAudio.SDL2(00000001,?,?,?,?,?,?,000003FF), ref: 07312CA1
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Stop 3,?,?,?,?,?,000003FF), ref: 07312CAE
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Stop 4,?,?,?,?,?,?,000003FF), ref: 07312CB5
                                                                                                                                          • #207.CPKERNEL(?,?,?,?,?,?,?,000003FF), ref: 07312CBA
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,000003FF), ref: 07312CC7
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,000003FF), ref: 07312CD4
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,000003FF), ref: 07312D04
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Stop OUT ,?,?,?,?,?,000003FF), ref: 07312D19
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString$CriticalSection$EnterLeave$#207AudioPause_memset_sprintf
                                                                                                                                          • String ID: NdfPlayer_Stop 1$NdfPlayer_Stop 2$NdfPlayer_Stop 3$NdfPlayer_Stop 4$NdfPlayer_Stop IN pPlayerCtx:%d g_nObjCount:%d$NdfPlayer_Stop OUT
                                                                                                                                          • API String ID: 872862842-177534522
                                                                                                                                          • Opcode ID: aa35a41773142783f3e4e3f0776f7b986b9503cddbb755af2cdd68a3cb83380a
                                                                                                                                          • Instruction ID: 00129985c093d265025f886b876c6ebe95fd37c71f6fc35721c937f792d48609
                                                                                                                                          • Opcode Fuzzy Hash: aa35a41773142783f3e4e3f0776f7b986b9503cddbb755af2cdd68a3cb83380a
                                                                                                                                          • Instruction Fuzzy Hash: 8831C5F26003449BF368EB68DC46F9BB39CBF84710F40481DEA8D52141EA74A549CBB3
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 2$8$>$>$@$@$F$O$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-134581137
                                                                                                                                          • Opcode ID: f624f4168626b3811244e32235c6cdc8c6a504e1fff01d8bfd6ec5c7fe785e63
                                                                                                                                          • Instruction ID: a69dc713bd30e21a183fafed911a530cca7a16001abcf40aede8f8b7230b6671
                                                                                                                                          • Opcode Fuzzy Hash: f624f4168626b3811244e32235c6cdc8c6a504e1fff01d8bfd6ec5c7fe785e63
                                                                                                                                          • Instruction Fuzzy Hash: 8CB13920D183D8DDEF21CBA8D844BDDBFB5AF16314F1441DAE198BB291D3B50A85CB26
                                                                                                                                          APIs
                                                                                                                                          • _strncmp.LIBCMT ref: 069B56D7
                                                                                                                                          • _strncmp.LIBCMT ref: 069B56F3
                                                                                                                                          • _strncmp.LIBCMT ref: 069B570F
                                                                                                                                          • ?setCur@WindowedReader@io@dami@@UAEII@Z.ID3LIB(00000001), ref: 069B5725
                                                                                                                                          • ?peekChar@WindowedReader@io@dami@@UAEFXZ.ID3LIB ref: 069B574E
                                                                                                                                          • ?readChars@WindowedReader@io@dami@@UAEIQAEI@Z.ID3LIB(?,00000800), ref: 069B576E
                                                                                                                                          • ?setEnd@WindowedReader@io@dami@@QAEII@Z.ID3LIB(00000000), ref: 069B584D
                                                                                                                                          • ?setEnd@WindowedReader@io@dami@@QAEII@Z.ID3LIB(00000000), ref: 069B588D
                                                                                                                                          • ?setEnd@WindowedReader@io@dami@@QAEII@Z.ID3LIB(00000000), ref: 069B599C
                                                                                                                                          • ?setEnd@WindowedReader@io@dami@@QAEII@Z.ID3LIB(00000000), ref: 069B59CB
                                                                                                                                          • ?setBeg@WindowedReader@io@dami@@QAEII@Z.ID3LIB(?), ref: 069B5A19
                                                                                                                                          • ?setEnd@WindowedReader@io@dami@@QAEII@Z.ID3LIB(?), ref: 069B5A79
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Reader@io@dami@@Windowed$?set$End@$_strncmp$?peek?readBeg@Char@Chars@Cur@
                                                                                                                                          • String ID: RIFF$RIFX$fLaC$ftyp$mdat$moov
                                                                                                                                          • API String ID: 2892828872-2512944971
                                                                                                                                          • Opcode ID: a965b3440daeba39a426473dc41e04e3ae9ad17ae503df87e58ca89b20a44514
                                                                                                                                          • Instruction ID: d41c22f5db1d8ca62461f233152dc40061858a67b5a79668bf0d780feeebc000
                                                                                                                                          • Opcode Fuzzy Hash: a965b3440daeba39a426473dc41e04e3ae9ad17ae503df87e58ca89b20a44514
                                                                                                                                          • Instruction Fuzzy Hash: CAE183716043029FC794EF64C9809ABB3E5BFC8604F148A1DE59A97751EB30ED49CBA2
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$>$>$@$@$F$O$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-176166082
                                                                                                                                          • Opcode ID: 3401490be6c503f6a80ddcc8a7232d4ef16dc3fc36a050970ffd65e8db4827c1
                                                                                                                                          • Instruction ID: ad4dbe33b77fa89937abc2d802b9d3b10acdf2e4588980502fced6eded86271d
                                                                                                                                          • Opcode Fuzzy Hash: 3401490be6c503f6a80ddcc8a7232d4ef16dc3fc36a050970ffd65e8db4827c1
                                                                                                                                          • Instruction Fuzzy Hash: 43A12920D183D8DDEF21CBA8D844BDDBBB5AF16314F14419AE198BB2D1D3B50A85CB26
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$>$>$@$@$F$O$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-176166082
                                                                                                                                          • Opcode ID: 011b881d9b091901e86fe5a7d19384d2b7289b02f830a1bbcc3e9166d1473055
                                                                                                                                          • Instruction ID: 230809814bb97361abf5934461bb53e444c66371c34630b6e3a7550ec7132505
                                                                                                                                          • Opcode Fuzzy Hash: 011b881d9b091901e86fe5a7d19384d2b7289b02f830a1bbcc3e9166d1473055
                                                                                                                                          • Instruction Fuzzy Hash: 59A12A20D183D8DDEF21CBA8D8447DDBBB5AF16314F1441DAE198BB2D1D3B50A85CB26
                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8180), ref: 06DB2273
                                                                                                                                            • Part of subcall function 06DB15F0: _errno.MSVCRT ref: 06DB1604
                                                                                                                                          • _errno.MSVCRT ref: 06DB228B
                                                                                                                                          • pthread_mutex_trylock.PTHREADVC2(00000014), ref: 06DB2299
                                                                                                                                          • sem_post.PTHREADVC2(00000010), ref: 06DB22A8
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8180), ref: 06DB22B9
                                                                                                                                          • sem_post.PTHREADVC2(00000010), ref: 06DB22D1
                                                                                                                                            • Part of subcall function 06DB4A00: _errno.MSVCRT ref: 06DB4A14
                                                                                                                                          • _errno.MSVCRT ref: 06DB22DD
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(-00000014), ref: 06DB22E9
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8180), ref: 06DB22FF
                                                                                                                                          • sem_destroy.PTHREADVC2(00000010), ref: 06DB2315
                                                                                                                                          • _errno.MSVCRT ref: 06DB2321
                                                                                                                                          • sem_destroy.PTHREADVC2(0000000C), ref: 06DB232D
                                                                                                                                          • _errno.MSVCRT ref: 06DB2339
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000014), ref: 06DB2349
                                                                                                                                          • pthread_mutex_destroy.PTHREADVC2(00000014), ref: 06DB2358
                                                                                                                                          • free.MSVCRT ref: 06DB239B
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8180), ref: 06DB23A9
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8100), ref: 06DB23BA
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8100), ref: 06DB23D7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection_errno$Leave$Enterpthread_mutex_unlocksem_destroysem_post$freepthread_mutex_destroypthread_mutex_trylock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 723134438-0
                                                                                                                                          • Opcode ID: fd6eaabda2b6081affc5b3b15c7bc40380f0c061f21988d2f97750502e7b4378
                                                                                                                                          • Instruction ID: cb81f092d310f55e72d4befbebe221c093060d9b0600fa8d45f79d25feb57fbc
                                                                                                                                          • Opcode Fuzzy Hash: fd6eaabda2b6081affc5b3b15c7bc40380f0c061f21988d2f97750502e7b4378
                                                                                                                                          • Instruction Fuzzy Hash: E141D6B2A05344DFD3A09F56AC446BBB3A9FF04361B04252DE95383349DB71E514DAA2
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 0699273E: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(85557334,85557334), ref: 06992754
                                                                                                                                          • ?createFile@dami@@YA?AW4ID3_Err@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_fstream@DU?$char_traits@D@std@@@4@@Z.ID3LIB ref: 069B15F8
                                                                                                                                          • _malloc.LIBCMT ref: 069B1625
                                                                                                                                          • GetVersion.KERNEL32(?,?,00000000,00000002,-00000004,00000000,?,?), ref: 069B16FE
                                                                                                                                          • DeleteFileW.KERNEL32(00000000,?,?,?,?), ref: 069B1741
                                                                                                                                          • MoveFileW.KERNEL32(00000000,00000000), ref: 069B1745
                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,00000000,?,?,?,?), ref: 069B1752
                                                                                                                                          • DeleteFileA.KERNEL32(00000000,?,?,?,?), ref: 069B178C
                                                                                                                                          • MoveFileA.KERNEL32(00000000,00000000), ref: 069B1790
                                                                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 069B179D
                                                                                                                                          • DeleteFileA.KERNEL32(00000000,?,?,?,?), ref: 069B17A8
                                                                                                                                          • GetVersion.KERNEL32(?,?,00000000,00000002,-00000004,00000000,?,?), ref: 069B17BB
                                                                                                                                          • DeleteFileW.KERNEL32(00000000,?,?,?), ref: 069B17D8
                                                                                                                                          • DeleteFileA.KERNEL32(00000000,?,?,?), ref: 069B17F3
                                                                                                                                          • ?openWritableFile@dami@@YA?AW4ID3_Err@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_fstream@DU?$char_traits@D@std@@@4@@Z.ID3LIB(?), ref: 069B184D
                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 069B187C
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$Delete$U?$char_traits@$CopyD@2@@std@@D@std@@D@std@@@4@@Err@@File@dami@@MoveV?$allocator@V?$basic_fstream@V?$basic_string@Version$?create?get?openCharEnd@Ios_base_dtorReader@io@dami@@Writable_mallocstd::ios_base::_
                                                                                                                                          • String ID: .XXXXXX
                                                                                                                                          • API String ID: 3554606433-2442446320
                                                                                                                                          • Opcode ID: fb5ec424a802a813e11b7fa831b58e50db22e330e72bb68b6905eca473c3a75f
                                                                                                                                          • Instruction ID: 61ce46aac5399459d894e06a1044c1853a6599673c79ab1c6f22f82ba2b36fd5
                                                                                                                                          • Opcode Fuzzy Hash: fb5ec424a802a813e11b7fa831b58e50db22e330e72bb68b6905eca473c3a75f
                                                                                                                                          • Instruction Fuzzy Hash: 45D1E3706183419BD7B4EF28CC90BEFB7E9AFD5314F00491CE99A87680DB709945CBA2
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$>$>$@$F$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-1490341465
                                                                                                                                          • Opcode ID: 415a2e1c6cdcd3b39c70e2fad2fb8f127f1738e2c80a764f86654e657114c526
                                                                                                                                          • Instruction ID: e96ab7ac28dcbf1025e61cdda233c5c8c6cd0f0ad7746c4d1b4983a5c854ef1e
                                                                                                                                          • Opcode Fuzzy Hash: 415a2e1c6cdcd3b39c70e2fad2fb8f127f1738e2c80a764f86654e657114c526
                                                                                                                                          • Instruction Fuzzy Hash: 87A15C20D183D8DDEF21CBA8D844BDDBBB5AF16314F1441DAE198BB2D1D3B50A85CB26
                                                                                                                                          APIs
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Play Failed ), ref: 07312A69
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Play IN ), ref: 07312A8F
                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 07312A98
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Play 1 ), ref: 07312AA3
                                                                                                                                          • #206.CPKERNEL ref: 07312AB2
                                                                                                                                          • SDL_PauseAudio.SDL2(00000000), ref: 07312AC4
                                                                                                                                          • SDL_CreateThread.SDL2(073114F0,video_refresh_thread,?,0731449C,0731439B), ref: 07312AED
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Play 3 ), ref: 07312AFD
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 07312B00
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Play OUT ), ref: 07312B0B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString$CriticalSection$#206AudioCreateEnterLeavePauseThread
                                                                                                                                          • String ID: NdfPlayer_Play 1 $NdfPlayer_Play 3 $NdfPlayer_Play Failed $NdfPlayer_Play IN $NdfPlayer_Play OUT $video_refresh_thread
                                                                                                                                          • API String ID: 1263004309-214936100
                                                                                                                                          • Opcode ID: 402bff944ae31364d7ba01d088bb3de4075b2e5c872155a85aa784b8dbc19ecd
                                                                                                                                          • Instruction ID: e116727697322725954187952a6f9534a39cb5b0fb274755bb63d51b4c2a1280
                                                                                                                                          • Opcode Fuzzy Hash: 402bff944ae31364d7ba01d088bb3de4075b2e5c872155a85aa784b8dbc19ecd
                                                                                                                                          • Instruction Fuzzy Hash: DF1181F1640314AFF76CAB68DC46B6BB7D8BF44B21F01451DE44E82241DAB4A4458B62
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$>$@$F$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-929184941
                                                                                                                                          • Opcode ID: e0e68eebfd6069f433b4b839ed15282203b457df62e819f6a56ce571ebd21f2a
                                                                                                                                          • Instruction ID: 8ea95fb7a70afacd34c7e3bed2a984f5a452eff05ab5ece4f7b65abce3e4d3ae
                                                                                                                                          • Opcode Fuzzy Hash: e0e68eebfd6069f433b4b839ed15282203b457df62e819f6a56ce571ebd21f2a
                                                                                                                                          • Instruction Fuzzy Hash: 79A15C20D183D8DDEF21CBA8DC44BDDBBB5AF16314F1441DAE198BB2A1D7750A84CB26
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$>$@$F$O$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-929184941
                                                                                                                                          • Opcode ID: f6ebf3a1ece10d34e1c98484b2463a4b0e89e8a0b146262a522bd6be18e2e732
                                                                                                                                          • Instruction ID: 1785f19dcc1ce156b0af707ee6178049fc3e51234c8fc5db9d0a738376df46dd
                                                                                                                                          • Opcode Fuzzy Hash: f6ebf3a1ece10d34e1c98484b2463a4b0e89e8a0b146262a522bd6be18e2e732
                                                                                                                                          • Instruction Fuzzy Hash: 62915D20D18398DDEF21CBA8DC44BDDBBB5AF16314F1441DAE198BB2D1D7750A84CB26
                                                                                                                                          APIs
                                                                                                                                          • ?getTitle@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB(?,?), ref: 069B98E7
                                                                                                                                          • ?writeTrailingSpaces@io@dami@@YAIAAVID3_Writer@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ID3LIB(?), ref: 069B98F0
                                                                                                                                          • ?getArtist@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB(?,?), ref: 069B9905
                                                                                                                                          • ?writeTrailingSpaces@io@dami@@YAIAAVID3_Writer@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ID3LIB(?), ref: 069B990E
                                                                                                                                          • ?getAlbum@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB(?,?), ref: 069B9923
                                                                                                                                          • ?writeTrailingSpaces@io@dami@@YAIAAVID3_Writer@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ID3LIB(?), ref: 069B992C
                                                                                                                                          • ?getYear@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB(?,?), ref: 069B9941
                                                                                                                                          • ?writeTrailingSpaces@io@dami@@YAIAAVID3_Writer@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ID3LIB(?), ref: 069B994A
                                                                                                                                          • ?getTrackNum@v2@id3@dami@@YAIABVID3_TagImpl@@@Z.ID3LIB(?,?), ref: 069B9950
                                                                                                                                          • ?getV1Comment@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB(?,?,?,?), ref: 069B995D
                                                                                                                                          • ?writeTrailingSpaces@io@dami@@YAIAAVID3_Writer@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ID3LIB(?,?), ref: 069B9995
                                                                                                                                          • ?writeTrailingSpaces@io@dami@@YAIAAVID3_Writer@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ID3LIB(?,?), ref: 069B99D9
                                                                                                                                          • ?getGenreNum@v2@id3@dami@@YAIABVID3_TagImpl@@@Z.ID3LIB(?), ref: 069B99E4
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@V?$basic_string@$?getImpl@@@$?writeSpaces@io@dami@@TrailingWriter@@$Num@v2@id3@dami@@$Album@v2@id3@dami@@Artist@v2@id3@dami@@Comment@v2@id3@dami@@GenreTitle@v2@id3@dami@@TrackYear@v2@id3@dami@@
                                                                                                                                          • String ID: TAG
                                                                                                                                          • API String ID: 2293740190-2502882569
                                                                                                                                          • Opcode ID: 67066a29a1ecd8568988dc3978d1052bb2f44831b23043f200219fdbb48be213
                                                                                                                                          • Instruction ID: a054db0579723c0aa3fe5748d208b3ac26291bc21449a1771e569613acbe5e1f
                                                                                                                                          • Opcode Fuzzy Hash: 67066a29a1ecd8568988dc3978d1052bb2f44831b23043f200219fdbb48be213
                                                                                                                                          • Instruction Fuzzy Hash: 9541BEB1A04240ABCA84FF2CCC82A1F7BE8EBDA654F54052CF55557681E636DA0587E3
                                                                                                                                          APIs
                                                                                                                                          • ?readText@io@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVID3_Reader@@IH@Z.ID3LIB(?,?,00000009,00000000), ref: 069B66AE
                                                                                                                                          • ?readText@io@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVID3_Reader@@IH@Z.ID3LIB(?,?,00000003,00000000), ref: 069B66E8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?readD@2@@std@@D@std@@Reader@@Text@io@dami@@U?$char_traits@V?$allocator@V?$basic_string@
                                                                                                                                          • String ID: Converted from Lyrics3 v1.00$LYRICSBEGIN$LYRICSEND$TAG$XXX
                                                                                                                                          • API String ID: 323913279-2010274123
                                                                                                                                          • Opcode ID: 576fcfca5b105a0739cc6c09d7ba7cba623313aebba6359fa01c285c5c4ba121
                                                                                                                                          • Instruction ID: 0fc5640b96033f35bc5731bdce9710d1945e1c393bac1ab5bb89484ee406a97b
                                                                                                                                          • Opcode Fuzzy Hash: 576fcfca5b105a0739cc6c09d7ba7cba623313aebba6359fa01c285c5c4ba121
                                                                                                                                          • Instruction Fuzzy Hash: 3FA1CF712183409FD7A4EF28C980B9BB7E5BFC9700F104A1CE59987791DB75A944CBA3
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$F$OleAut32$h$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-111361928
                                                                                                                                          • Opcode ID: c0818af1658dd9c0bc578045fda6616fa40019ab7029ad3b9807e8fc484515bb
                                                                                                                                          • Instruction ID: 4e8e3e960bb470f24777f8a1b6966196f8ad4d60c958fe0d53fd31dc34a58227
                                                                                                                                          • Opcode Fuzzy Hash: c0818af1658dd9c0bc578045fda6616fa40019ab7029ad3b9807e8fc484515bb
                                                                                                                                          • Instruction Fuzzy Hash: 99918F20D18398DEEF21CBA8DC44BDDBBB5AF16314F1441DAE058BB2A1D7750A84CF26
                                                                                                                                          APIs
                                                                                                                                          • ?readLENumber@io@dami@@YAIAAVID3_Reader@@I@Z.ID3LIB(?,00000002,6E79B076), ref: 069B774F
                                                                                                                                            • Part of subcall function 069928BF: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                            • Part of subcall function 069928BF: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?readText@io@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVID3_Reader@@IH@Z.ID3LIB(?,?,?,?,?,?,00000000,00000000), ref: 069B77B6
                                                                                                                                          • ?toString@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.ID3LIB(?,00000000,?,00000000), ref: 069B7801
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(?), ref: 069B7851
                                                                                                                                          • ?Contains@ID3_Frame@@QBE_NW4ID3_FieldID@@@Z.ID3LIB(00000002), ref: 069B786C
                                                                                                                                          • ?Contains@ID3_Frame@@QBE_NW4ID3_FieldID@@@Z.ID3LIB(00000003,00000002), ref: 069B787D
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000003,00000003,00000002), ref: 069B788A
                                                                                                                                          • ?Contains@ID3_Frame@@QBE_NW4ID3_FieldID@@@Z.ID3LIB(0000000A,00000003,00000002), ref: 069B78AB
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000A,0000000A,00000003,00000002), ref: 069B78B8
                                                                                                                                          • ?Contains@ID3_Frame@@QBE_NW4ID3_FieldID@@@Z.ID3LIB(00000005,0000000A,00000003,00000002), ref: 069B78CF
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000005,00000005,0000000A,00000003,00000002), ref: 069B78DC
                                                                                                                                            • Part of subcall function 06991163: ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB ref: 06991174
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@@@Frame@@$Field$Contains@$Field@Field@@Reader@@Reader@io@dami@@$?get?readCharD@2@@std@@D@std@@End@U?$char_traits@V?$allocator@V?$basic_string@$FrameNumber@io@dami@@String@dami@@Text@io@dami@@Windowed
                                                                                                                                          • String ID: XXX
                                                                                                                                          • API String ID: 451973105-2319231104
                                                                                                                                          • Opcode ID: c1dc0c00a7333d4df5123698b24c393f03d99ad96b0d78c927fee69f131e8a6a
                                                                                                                                          • Instruction ID: 0f4984a56f2733e9c68ccba8eef8e2c27807666c1c2cfbe3b3b152b230e9f732
                                                                                                                                          • Opcode Fuzzy Hash: c1dc0c00a7333d4df5123698b24c393f03d99ad96b0d78c927fee69f131e8a6a
                                                                                                                                          • Instruction Fuzzy Hash: 8061B3B1608341ABD790EB64C990B6FB7E9ABC5710F000A1DF5A58B7C0DB75D905CBA3
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: F$h
                                                                                                                                          • API String ID: 0-970399916
                                                                                                                                          • Opcode ID: 07a99f360fcdf4bc82f112531639e4a67204dc6d7232756944a7562a00ca3299
                                                                                                                                          • Instruction ID: 511c2f907a2f3a9687805f0f2c9c2ec066bd55c836d6459738d09acc0e4d5386
                                                                                                                                          • Opcode Fuzzy Hash: 07a99f360fcdf4bc82f112531639e4a67204dc6d7232756944a7562a00ca3299
                                                                                                                                          • Instruction Fuzzy Hash: A8918E20D18398DEEF21CBA8DC44BDDBBB5AF16314F1441DAE158BB2A1D7750A84CF26
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: F$h
                                                                                                                                          • API String ID: 0-970399916
                                                                                                                                          • Opcode ID: d429b7c66de8ad9d8ed3f27fb2b6ed2d01cb0aeffd58b0fb45a5836ae37bcda6
                                                                                                                                          • Instruction ID: ef9f02b50da16d8dfbae09e7ede30dd88fcf691f7f5709bbd57cd435447a4b64
                                                                                                                                          • Opcode Fuzzy Hash: d429b7c66de8ad9d8ed3f27fb2b6ed2d01cb0aeffd58b0fb45a5836ae37bcda6
                                                                                                                                          • Instruction Fuzzy Hash: 98918E20D18398DEEF21CBA8DC44BDDBBB4AF16314F1441DAE158BB2A1D7750A84CF26
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: F$h
                                                                                                                                          • API String ID: 0-970399916
                                                                                                                                          • Opcode ID: ca6ee3f1493aff0941bdc78f5c2e29d9058ee15378d95ed89a859840066fae75
                                                                                                                                          • Instruction ID: 51cda11bb43725a1779c88630029cff326564985364d33e9fc913cf6d30f3ec3
                                                                                                                                          • Opcode Fuzzy Hash: ca6ee3f1493aff0941bdc78f5c2e29d9058ee15378d95ed89a859840066fae75
                                                                                                                                          • Instruction Fuzzy Hash: 46818E20C18398DEEF61CBA8DC44BDDBBB5AF15314F1441DAE158BB2A1D7B50A84CF26
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2 ref: 06DB3A97
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB3AAB
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2 ref: 06DB3ABA
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2 ref: 06DB3AE2
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?), ref: 06DB3AF1
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8160), ref: 06DB3B5C
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB3B7D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$CriticalSectionpthread_mutex_lock$EnterExchangeInterlockedLeave
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2874323662-0
                                                                                                                                          • Opcode ID: e2fc8b1e0eb395df9f29a734b60ceaf36475d76f41a8b82119521101e9cabc5e
                                                                                                                                          • Instruction ID: 10ba89678fffcf653d970dd1bdd6566cb8e6105b82a3558a8ce0e7bbc720e0c5
                                                                                                                                          • Opcode Fuzzy Hash: e2fc8b1e0eb395df9f29a734b60ceaf36475d76f41a8b82119521101e9cabc5e
                                                                                                                                          • Instruction Fuzzy Hash: 3931DB73B05B04DBD7A05FA9EC80AEBB398EF41121F061539E557D324CEB71E808A2A5
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2 ref: 06DB14F0
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB1502
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?), ref: 06DB1508
                                                                                                                                          • pthread_mutex_trylock.PTHREADVC2(?,?,?,00000000,?,?), ref: 06DB1525
                                                                                                                                            • Part of subcall function 06DB33E0: InterlockedCompareExchange.KERNEL32(5604C483,00000001,00000000), ref: 06DB3403
                                                                                                                                            • Part of subcall function 06DB33E0: pthread_self.PTHREADVC2 ref: 06DB341B
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?,?,00000000,?,?), ref: 06DB1533
                                                                                                                                            • Part of subcall function 06DB3360: pthread_self.PTHREADVC2(?,?,06DB52BC,?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB338A
                                                                                                                                            • Part of subcall function 06DB3360: pthread_equal.PTHREADVC2(?,?,00000000,?,?,?,06DB52BC,?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB3399
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB33B9
                                                                                                                                            • Part of subcall function 06DB3360: SetEvent.KERNEL32(?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB33C7
                                                                                                                                          • Sleep.KERNEL32(00000001,?,?,?,?,00000000,?,?), ref: 06DB153D
                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,00000000,?,?), ref: 06DB155B
                                                                                                                                          • TlsSetValue.KERNEL32(?,00000000,?,?,?,?,00000000,?,?), ref: 06DB1568
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB157A
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?), ref: 06DB1583
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,00000000,?,?,?,?,00000000,?,?), ref: 06DB15B5
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?,00000000,?,?), ref: 06DB15CC
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$ExchangeInterlockedpthread_mutex_lock$Valuepthread_self$CompareEventSleeppthread_equalpthread_mutex_trylock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1205495886-0
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 069C2621: _malloc.LIBCMT ref: 069C263B
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000000), ref: 069B4C85
                                                                                                                                          • ?SetSpec@ID3_Frame@@QAE_NW4ID3_V2Spec@@@Z.ID3LIB(00000000), ref: 069B4CA3
                                                                                                                                          • ?Parse@ID3_Frame@@QAE_NAAVID3_TagImpl@@AAVID3_Reader@@@Z.ID3LIB(?,?,00000000), ref: 069B4CAC
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069B4CE6
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004), ref: 069B4D01
                                                                                                                                          • ?atEnd@ID3_Reader@@UAE_NXZ.ID3LIB ref: 069B4D45
                                                                                                                                          • ?readBENumber@io@dami@@YAIAAVID3_Reader@@I@Z.ID3LIB(069FDF68,00000004), ref: 069B4D8B
                                                                                                                                          • ?GetDataSize@ID3_Frame@@QBEIXZ.ID3LIB ref: 069B4D97
                                                                                                                                          • ??0CompressedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB(?,00000000), ref: 069B4DA6
                                                                                                                                          • ??1CompressedReader@io@dami@@UAE@XZ.ID3LIB ref: 069B4DE5
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$Reader@@$CompressedD@@@FrameReader@io@dami@@$?readDataEnd@FieldField@Field@@Impl@@Number@io@dami@@Parse@Reader@@@Size@Spec@Spec@@@_malloc
                                                                                                                                          • String ID: z
                                                                                                                                          • API String ID: 2319148918-1657960367
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: $
                                                                                                                                          • API String ID: 0-3993045852
                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,06A09EA0,0000000C,069CA1AB,00000000,00000000,?,069C6A86,00000000,00000001,00000000,?,069CBF6C,00000018,06A09FB0,0000000C), ref: 069CA082
                                                                                                                                          • __crt_waiting_on_module_handle.LIBCMT ref: 069CA08D
                                                                                                                                            • Part of subcall function 069CEE8A: Sleep.KERNEL32(000003E8,00000000,?,069C9F96,KERNEL32.DLL,?,?,069CA367,00000000,?,069C6051,00000000,?,?,?,069C60B4), ref: 069CEE96
                                                                                                                                            • Part of subcall function 069CEE8A: GetModuleHandleW.KERNEL32(00000000,?,069C9F96,KERNEL32.DLL,?,?,069CA367,00000000,?,069C6051,00000000,?,?,?,069C60B4,?), ref: 069CEE9F
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 069CA0B6
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 069CA0C6
                                                                                                                                          • __lock.LIBCMT ref: 069CA0E8
                                                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 069CA0F5
                                                                                                                                          • __lock.LIBCMT ref: 069CA109
                                                                                                                                          • ___addlocaleref.LIBCMT ref: 069CA127
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                                          • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                          • API String ID: 1028249917-2843748187
                                                                                                                                          APIs
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000003E), ref: 069A9415
                                                                                                                                          • ?RemoveFrame@ID3_Tag@@QAEPAVID3_Frame@@PBV2@@Z.ID3LIB(00000000,0000003E), ref: 069A9423
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000003E,00000000,0000003E), ref: 069A943B
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000003F,0000003E), ref: 069A9448
                                                                                                                                          • ?RemoveFrame@ID3_Tag@@QAEPAVID3_Frame@@PBV2@@Z.ID3LIB(00000000,0000003F,0000003E), ref: 069A9454
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000003F,00000000,0000003F,0000003E), ref: 069A946C
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000040,0000003F,0000003E), ref: 069A9479
                                                                                                                                          • ?RemoveFrame@ID3_Tag@@QAEPAVID3_Frame@@PBV2@@Z.ID3LIB(00000000,00000040,0000003F,0000003E), ref: 069A9485
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000040,00000000,00000040,0000003F,0000003E), ref: 069A949D
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000020,00000040,0000003F,0000003E), ref: 069A94AA
                                                                                                                                          • ?RemoveFrame@ID3_Tag@@QAEPAVID3_Frame@@PBV2@@Z.ID3LIB(00000000,00000020,00000040,0000003F,0000003E), ref: 069A94B6
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000020,00000000,00000020,00000040,0000003F,0000003E), ref: 069A94CE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@Tag@@$D@@@Find@Frame$Frame@RemoveV2@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3896792218-0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 481150cab8da77ec2d3871cf232a907158c5f4d5261c146dc5c790d288b241b7
                                                                                                                                          • Instruction ID: cac529f27ec9d51087aca9f9bc73dfbd14daead87696c27bf4b8ea0274129c6f
                                                                                                                                          • Opcode Fuzzy Hash: 481150cab8da77ec2d3871cf232a907158c5f4d5261c146dc5c790d288b241b7
                                                                                                                                          • Instruction Fuzzy Hash: AB715D21C18398DEEF61CBA8DC44BDDBBB5AF09314F10419AE058FB2A1D7B50A84CF25
                                                                                                                                          APIs
                                                                                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 069DD35D
                                                                                                                                          • DName::operator=.LIBCMT ref: 069DD371
                                                                                                                                          • DName::operator+=.LIBCMT ref: 069DD37F
                                                                                                                                          • UnDecorator::getReferenceType.LIBCMT ref: 069DD3A6
                                                                                                                                          • DName::DName.LIBCMT ref: 069DD3C4
                                                                                                                                          • UnDecorator::getDataIndirectType.LIBCMT ref: 069DD402
                                                                                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 069DD40B
                                                                                                                                          • operator+.LIBCMT ref: 069DD44A
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Decorator::getType$Data$Basic$IndirectNameName::Name::operator+=Name::operator=Referenceoperator+
                                                                                                                                          • String ID: volatile
                                                                                                                                          • API String ID: 2092030914-4266433718
                                                                                                                                          • Opcode ID: f8b5b1bce34512c7f38c050f956f05eca2f958ac392644431cdddbac72c7c55d
                                                                                                                                          • Instruction ID: 030509a8aad1b128e20ce4dd8cb1f4f798b66b0ec734fd55824d12f9a844bc67
                                                                                                                                          • Opcode Fuzzy Hash: f8b5b1bce34512c7f38c050f956f05eca2f958ac392644431cdddbac72c7c55d
                                                                                                                                          • Instruction Fuzzy Hash: 9131A071800249AFDB94EF58CC808BDBBADFF84354F10C136E9599B990E731AE46CB91
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __getptd
                                                                                                                                          • String ID: MOC$csm$csm
                                                                                                                                          • API String ID: 3384420010-2232927589
                                                                                                                                          • Opcode ID: 700c2ca1ed2a3d3dcc5b85a532f0de88545ea4e1c0c3cfd81def15b850b0b367
                                                                                                                                          • Instruction ID: 65942a99121e27f02756adc67d399f13f6aea83a97708bb59fddbbcb6a7df49f
                                                                                                                                          • Opcode Fuzzy Hash: 700c2ca1ed2a3d3dcc5b85a532f0de88545ea4e1c0c3cfd81def15b850b0b367
                                                                                                                                          • Instruction Fuzzy Hash: E8317E32D006049FEBB0AE58CA447BA7BACAF40235F68496ED856C7E51D730E944CB93
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e133543c8a2d719aab4c728f36cacdc0b1f63d01669ca53ef94b3ff0c0760777
                                                                                                                                          • Instruction ID: 31a1c1c51b2b1e5588069ca9e291167026b9ac4714849f9ababe880360a43ac8
                                                                                                                                          • Opcode Fuzzy Hash: e133543c8a2d719aab4c728f36cacdc0b1f63d01669ca53ef94b3ff0c0760777
                                                                                                                                          • Instruction Fuzzy Hash: 2A319176A00700DBD3A08F56FC40BA6B7EAEB84BA1F181025EA56C7348D631E945CAA1
                                                                                                                                          APIs
                                                                                                                                          • pthread_kill.PTHREADVC2(?,?,00000000), ref: 06DB1E3E
                                                                                                                                            • Part of subcall function 06DB2960: EnterCriticalSection.KERNEL32(06DB80E0,?,06DB1E43,?,?,00000000), ref: 06DB2968
                                                                                                                                            • Part of subcall function 06DB2960: LeaveCriticalSection.KERNEL32(06DB80E0), ref: 06DB2992
                                                                                                                                          • pthread_self.PTHREADVC2 ref: 06DB1E52
                                                                                                                                            • Part of subcall function 06DB2A40: pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • pthread_equal.PTHREADVC2(?,?,00000000), ref: 06DB1E69
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,?,00000000), ref: 06DB1E74
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2 ref: 06DB1EA9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeavepthread_equalpthread_getspecificpthread_killpthread_mutex_lockpthread_mutex_unlockpthread_self
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3302243346-0
                                                                                                                                          • Opcode ID: d9b85808776a7882afbd0cef6665a724d812a3b647b1b19b54f9aa1002b3051e
                                                                                                                                          • Instruction ID: 75f25d1570fbcea098c3462421a446b13c2c238f4714ba55dbb5fcc952555073
                                                                                                                                          • Opcode Fuzzy Hash: d9b85808776a7882afbd0cef6665a724d812a3b647b1b19b54f9aa1002b3051e
                                                                                                                                          • Instruction Fuzzy Hash: FC318D72605600DBD2A0AF1AFD84BABB7E9EF84B14F40285DF557C6608D731E9058BB2
                                                                                                                                          APIs
                                                                                                                                          • pthread_key_delete.PTHREADVC2(01BF0578,06DB11B3), ref: 06DB1207
                                                                                                                                            • Part of subcall function 06DB5110: pthread_mutex_lock.PTHREADVC2(01BF0598,?,?,?,?,06DB1228,01BF0590,06DB11B3), ref: 06DB5132
                                                                                                                                            • Part of subcall function 06DB5110: pthread_mutex_lock.PTHREADVC2(00000028,06DB11B3), ref: 06DB514F
                                                                                                                                            • Part of subcall function 06DB5110: pthread_mutex_unlock.PTHREADVC2(00000028,00000000,?,06DB11B3), ref: 06DB5162
                                                                                                                                            • Part of subcall function 06DB5110: pthread_mutex_unlock.PTHREADVC2(01BF0598,06DB11B3), ref: 06DB517C
                                                                                                                                            • Part of subcall function 06DB5110: TlsFree.KERNEL32(00000000,?,?,?,?,06DB1228,01BF0590,06DB11B3), ref: 06DB5187
                                                                                                                                            • Part of subcall function 06DB5110: pthread_mutex_destroy.PTHREADVC2(01BF0598,?,?,?,?,06DB1228,01BF0590,06DB11B3), ref: 06DB5198
                                                                                                                                            • Part of subcall function 06DB5110: Sleep.KERNEL32(00000000,06DB11B3), ref: 06DB51AD
                                                                                                                                            • Part of subcall function 06DB5110: pthread_mutex_destroy.PTHREADVC2(01BF0598), ref: 06DB51B0
                                                                                                                                            • Part of subcall function 06DB5110: free.MSVCRT ref: 06DB51BE
                                                                                                                                          • pthread_key_delete.PTHREADVC2(01BF0590,06DB11B3), ref: 06DB1223
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB80E0,?,06DB11B3), ref: 06DB123B
                                                                                                                                          • free.MSVCRT ref: 06DB1256
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB80E0,?,06DB11B3), ref: 06DB1268
                                                                                                                                          • DeleteCriticalSection.KERNEL32(06DB8140,?,06DB11B3), ref: 06DB1279
                                                                                                                                          • DeleteCriticalSection.KERNEL32(06DB8160,?,06DB11B3), ref: 06DB1280
                                                                                                                                          • DeleteCriticalSection.KERNEL32(06DB8100,?,06DB11B3), ref: 06DB1287
                                                                                                                                          • DeleteCriticalSection.KERNEL32(06DB8180,?,06DB11B3), ref: 06DB128E
                                                                                                                                          • DeleteCriticalSection.KERNEL32(06DB8120,?,06DB11B3), ref: 06DB1295
                                                                                                                                          • DeleteCriticalSection.KERNEL32(06DB80E0,?,06DB11B3), ref: 06DB129C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$Delete$freepthread_key_deletepthread_mutex_destroypthread_mutex_lockpthread_mutex_unlock$EnterFreeLeaveSleep
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1094913851-0
                                                                                                                                          • Opcode ID: 81c7ae87c9877ebbf3e40315644abd4da507c58ac9db538e674c463c5ff0b88f
                                                                                                                                          • Instruction ID: 57453fd810d2c0cfdc36c708576499681e5d44706182b7ee2775a7480115dbce
                                                                                                                                          • Opcode Fuzzy Hash: 81c7ae87c9877ebbf3e40315644abd4da507c58ac9db538e674c463c5ff0b88f
                                                                                                                                          • Instruction Fuzzy Hash: 37014071E41214E7C7E0AF67BC4AB8A3E5EEB046D5B083015E5169334CC670D408EEA2
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-3596425917
                                                                                                                                          • Opcode ID: 2f2497a71ee25463e74f873847ea249b384f7255ad37a3ebe75d0839f10f6358
                                                                                                                                          • Instruction ID: 6313f4e0d5b508cedf7ab78d73c3ff3798ba74db2bdd25c33374e7f4f374e6aa
                                                                                                                                          • Opcode Fuzzy Hash: 2f2497a71ee25463e74f873847ea249b384f7255ad37a3ebe75d0839f10f6358
                                                                                                                                          • Instruction Fuzzy Hash: BB614E31C18298EEEF51CBE8D844BEDBBB5AF09314F10409AE558FB291D7B50A84CF25
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-2361160079
                                                                                                                                          • Opcode ID: a1e91a65fee7c6b84096199860800605a76ae16582cf47abace6c1cfbf3a944e
                                                                                                                                          • Instruction ID: e4f9aac5e5d8f23b21c10b1684b1aaf972add2b72dbbee06daae5cb0a3e2ef4a
                                                                                                                                          • Opcode Fuzzy Hash: a1e91a65fee7c6b84096199860800605a76ae16582cf47abace6c1cfbf3a944e
                                                                                                                                          • Instruction Fuzzy Hash: FD614E31D18298EEEF51CBE8D844BEDBBB5AF09314F10409AE558FB291D7B50A84CF25
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveTracks@@YAIPAVID3_Tag@@@Z.ID3LIB(?,?,?,?,?,?,6E79B076,?,?,?,?,?,069F733B,000000FF), ref: 069AA9C5
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000045,?,?,?,?,?,6E79B076,?,?,?,?,?,069F733B,000000FF), ref: 069AA9D3
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000045), ref: 069AA9FA
                                                                                                                                          • _sprintf.LIBCMT ref: 069AAA2E
                                                                                                                                          • _sprintf.LIBCMT ref: 069AAA51
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002), ref: 069AAA5D
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000), ref: 069AAA6F
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@@@Frame@@$FrameTag@@_sprintf$AttachFieldField@Field@@Find@Frame@Frame@@@RemoveTag@@@Tracks@@
                                                                                                                                          • String ID: %lu$%lu/%lu
                                                                                                                                          • API String ID: 2671021512-1827582063
                                                                                                                                          • Opcode ID: 11e4558131dc4cae34f1744b1c26910938cec2d9895a1ebef7c0b59f7cf6fdd9
                                                                                                                                          • Instruction ID: be471b896ce99c109ea9e2f2524eb6644bddd61b95d59c2fb89e38a49c0ba78d
                                                                                                                                          • Opcode Fuzzy Hash: 11e4558131dc4cae34f1744b1c26910938cec2d9895a1ebef7c0b59f7cf6fdd9
                                                                                                                                          • Instruction Fuzzy Hash: F7314BB1B487506FD6D1D7299C01B3FB3D99BC5A30F04052EF96596B80E6258A05C3F3
                                                                                                                                          APIs
                                                                                                                                          • UnDecorator::UScore.LIBCMT ref: 069DB2E9
                                                                                                                                          • DName::DName.LIBCMT ref: 069DB2F5
                                                                                                                                            • Part of subcall function 069D9214: DName::doPchar.LIBCMT ref: 069D9241
                                                                                                                                          • DName::DName.LIBCMT ref: 069DB322
                                                                                                                                            • Part of subcall function 069D8E48: DNameStatusNode::make.LIBCMT ref: 069D8E76
                                                                                                                                          • UnDecorator::getScopedName.LIBCMT ref: 069DB330
                                                                                                                                          • DName::operator+=.LIBCMT ref: 069DB33A
                                                                                                                                          • DName::operator+=.LIBCMT ref: 069DB349
                                                                                                                                          • DName::operator+=.LIBCMT ref: 069DB355
                                                                                                                                          • DName::operator+=.LIBCMT ref: 069DB362
                                                                                                                                          Similarity
                                                                                                                                          • API ID: NameName::operator+=$Name::$Decorator::Decorator::getName::doNode::makePcharScopedScoreStatus
                                                                                                                                          • String ID: void
                                                                                                                                          • API String ID: 2229739886-3531332078
                                                                                                                                          • Opcode ID: b91eb35ee2ee5fad24d8257a7ea1e9fcaee7286aa274e70314f54ba83956c999
                                                                                                                                          • Instruction ID: e407d9a33cab1f8f50b67edf19d8df42db1462dccf809f707b6f2f9deaf08371
                                                                                                                                          • Opcode Fuzzy Hash: b91eb35ee2ee5fad24d8257a7ea1e9fcaee7286aa274e70314f54ba83956c999
                                                                                                                                          • Instruction Fuzzy Hash: C911A5B1900148AFDBC8FFA8DC55AADBBA4EF50304F448079E52A975D4DB709A41C750
                                                                                                                                          APIs
                                                                                                                                          • ??0WindowedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB(?,?), ref: 069A313F
                                                                                                                                          • ?readBENumber@io@dami@@YAIAAVID3_Reader@@I@Z.ID3LIB(?,00000004,?,?), ref: 069A316A
                                                                                                                                            • Part of subcall function 06992AA4: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                            • Part of subcall function 06992AA4: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          • ?readChar@WindowedReader@io@dami@@UAEFXZ.ID3LIB(?,?), ref: 069A3185
                                                                                                                                          • ?readChar@WindowedReader@io@dami@@UAEFXZ.ID3LIB(?,?), ref: 069A31AD
                                                                                                                                          • ?readChar@WindowedReader@io@dami@@UAEFXZ.ID3LIB(?,?), ref: 069A31D1
                                                                                                                                          • ?readBENumber@io@dami@@YAIAAVID3_Reader@@I@Z.ID3LIB(?,00000004,?,?), ref: 069A31FD
                                                                                                                                          • ?readAllBinary@io@dami@@YA?AV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@AAVID3_Reader@@@Z.ID3LIB(?,?,?,?), ref: 069A32B5
                                                                                                                                          • ?readAllBinary@io@dami@@YA?AV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@AAVID3_Reader@@@Z.ID3LIB(?,069FE240,?,?,?,?), ref: 069A32F6
                                                                                                                                          • ?setWindow@WindowedReader@io@dami@@QAEXII@Z.ID3LIB(?,-00000004,?,?), ref: 069A3394
                                                                                                                                          • ??0CompressedReader@io@dami@@QAE@AAVID3_Reader@@I@Z.ID3LIB(?,?), ref: 069A33DA
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Reader@io@dami@@$?read$Windowed$Reader@@$Char@$?getBinary@io@dami@@CharE@2@@std@@E@std@@End@Number@io@dami@@Reader@@@U?$char_traits@V?$allocator@V?$basic_string@$?setCompressedWindow@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 366671746-0
                                                                                                                                          • Opcode ID: d60863f282b5c66e40eadc869ffc506f8c939f71de4f54903340aa9cc2d4e646
                                                                                                                                          • Instruction ID: edf5e5bdc61ba69d2b0b41f81088e19e28acd5a6a054a643388fe28924fe24f8
                                                                                                                                          • Opcode Fuzzy Hash: d60863f282b5c66e40eadc869ffc506f8c939f71de4f54903340aa9cc2d4e646
                                                                                                                                          • Instruction Fuzzy Hash: F7F1D1716183819FDBA0DF28C84076BB7E5BFC9300F544A2DE49AC7A81DB35D949CB92
                                                                                                                                          APIs
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@W4ID3_FieldID@@PBD@Z.ID3LIB(0000001C,0000000A,?,6E79B076,?,?,?,?,?,069F721B,000000FF), ref: 069AA0D7
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@W4ID3_FieldID@@PBD@Z.ID3LIB(0000001C,00000005,?,0000001C,0000000A,?,6E79B076,?,?,?,?,?,069F721B,000000FF), ref: 069AA0E7
                                                                                                                                          • ?RemoveFrame@ID3_Tag@@QAEPAVID3_Frame@@PBV2@@Z.ID3LIB(00000000,?,?,?,?,?,?,0000001C,0000000A,?,6E79B076), ref: 069AA110
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(0000001C), ref: 069AA147
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA15A
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000005,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA16D
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000016,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA184
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000017,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA19B
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA1B2
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA1C9
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$Field$D@@@$Field@Field@@$Tag@@$Frame$Find@Frame@$AttachFrame@@@RemoveV2@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4265548268-0
                                                                                                                                          • Opcode ID: b4d3a064b749c9a60db66266b0bfdbe0781d36903bb274474cc328a7f6b393c3
                                                                                                                                          • Instruction ID: 9a1b2fc5a2edd240eeac816081f639d8bb803dfd2633154f0c9594012c376cf1
                                                                                                                                          • Opcode Fuzzy Hash: b4d3a064b749c9a60db66266b0bfdbe0781d36903bb274474cc328a7f6b393c3
                                                                                                                                          • Instruction Fuzzy Hash: 84416C71754710AFDA95DB64CC80F3EB3DAABC9B10F244619E6168B7C0DA34DD02C7A2
                                                                                                                                          APIs
                                                                                                                                          • pthread_testcancel.PTHREADVC2 ref: 06DB48C5
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_self.PTHREADVC2 ref: 06DB1D64
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_mutex_lock.PTHREADVC2(00000030), ref: 06DB1D80
                                                                                                                                            • Part of subcall function 06DB1D60: ResetEvent.KERNEL32(?), ref: 06DB1D94
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB1DA2
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_mutex_unlock.PTHREADVC2(?,?,?,?,?,?,00000030,00000030), ref: 06DB1DAF
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB1DBF
                                                                                                                                          • _errno.MSVCRT ref: 06DB48D6
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,?,?,?,06DB24F9,?,?), ref: 06DB4909
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?,?,?,?,06DB24F9,?,?), ref: 06DB491F
                                                                                                                                          • _errno.MSVCRT ref: 06DB4927
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$_errnopthread_mutex_lock$EventResetpthread_selfpthread_testcancel
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1626616156-0
                                                                                                                                          • Opcode ID: 81d9956cf176144c67052d1be96c9f3f5fb7037d07e84e7e25275e0f7db27ed7
                                                                                                                                          • Instruction ID: 365151b286739338a829d6584410fc8c9f1a6f9d665b4adbe84f4adb35c5f5c6
                                                                                                                                          • Opcode Fuzzy Hash: 81d9956cf176144c67052d1be96c9f3f5fb7037d07e84e7e25275e0f7db27ed7
                                                                                                                                          • Instruction Fuzzy Hash: DC31C876904345CBD740EF69EC8069B73E8FF85234F441A6EE96683249E775E10887B3
                                                                                                                                          APIs
                                                                                                                                          • __calloc_crt.LIBCMT ref: 069C8033
                                                                                                                                            • Part of subcall function 069C6ABA: __calloc_impl.LIBCMT ref: 069C6ACB
                                                                                                                                            • Part of subcall function 069C6ABA: Sleep.KERNEL32(00000000), ref: 069C6AE2
                                                                                                                                          • __calloc_crt.LIBCMT ref: 069C8057
                                                                                                                                          • __calloc_crt.LIBCMT ref: 069C8073
                                                                                                                                          • __copytlocinfo_nolock.LIBCMT ref: 069C8098
                                                                                                                                          • __setlocale_nolock.LIBCMT ref: 069C80A5
                                                                                                                                          • ___removelocaleref.LIBCMT ref: 069C80B1
                                                                                                                                          • ___freetlocinfo.LIBCMT ref: 069C80B8
                                                                                                                                          • __setmbcp_nolock.LIBCMT ref: 069C80D0
                                                                                                                                          • ___removelocaleref.LIBCMT ref: 069C80E5
                                                                                                                                          • ___freetlocinfo.LIBCMT ref: 069C80EC
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2969281212-0
                                                                                                                                          • Opcode ID: ba66a5f9da5549fddbaaafe2c2332ba36e106bd6afd870cb7cfe734a19bfa561
                                                                                                                                          • Instruction ID: 6ace29664e886bc631ea0f2d5b714bc653e4904a50b35b223d6c959bc1fbfb53
                                                                                                                                          • Opcode Fuzzy Hash: ba66a5f9da5549fddbaaafe2c2332ba36e106bd6afd870cb7cfe734a19bfa561
                                                                                                                                          • Instruction Fuzzy Hash: 7421B131505601EFE7E1FF68DD1496A7FE5EFC2670F20841DE8A85A990DE319801CBA3
                                                                                                                                          APIs
                                                                                                                                          • pthread_testcancel.PTHREADVC2(?,?,?,?,?), ref: 06DB47BE
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_self.PTHREADVC2 ref: 06DB1D64
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_mutex_lock.PTHREADVC2(00000030), ref: 06DB1D80
                                                                                                                                            • Part of subcall function 06DB1D60: ResetEvent.KERNEL32(?), ref: 06DB1D94
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB1DA2
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_mutex_unlock.PTHREADVC2(?,?,?,?,?,?,00000030,00000030), ref: 06DB1DAF
                                                                                                                                            • Part of subcall function 06DB1D60: pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB1DBF
                                                                                                                                          • _errno.MSVCRT ref: 06DB47CC
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,?,?,?,?), ref: 06DB47E3
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?), ref: 06DB47F8
                                                                                                                                          • _errno.MSVCRT ref: 06DB4800
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$_errnopthread_mutex_lock$EventResetpthread_selfpthread_testcancel
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1626616156-0
                                                                                                                                          • Opcode ID: d8cd8b18c5a657c9c8db52efe347627f874d096be26732cea528416f7dd7cdec
                                                                                                                                          • Instruction ID: fb835bd223e6eebcc9319363752639d36baeedaeafed8f0e396ad89fe0346264
                                                                                                                                          • Opcode Fuzzy Hash: d8cd8b18c5a657c9c8db52efe347627f874d096be26732cea528416f7dd7cdec
                                                                                                                                          • Instruction Fuzzy Hash: 8C11E47B900204CBC290AB29BC402EB7394EFC0630F552536EE2686349EB39E54D92B2
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,00000010,00000000,?,?,06DB1AB5,00000010), ref: 06DB4677
                                                                                                                                          • _errno.MSVCRT ref: 06DB4698
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,00000010), ref: 06DB468B
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000010), ref: 06DB46AC
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB46B7
                                                                                                                                          • _errno.MSVCRT ref: 06DB46C4
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB46E2
                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 06DB46F2
                                                                                                                                          • pthread_mutex_destroy.PTHREADVC2(?), ref: 06DB46F5
                                                                                                                                          • free.MSVCRT ref: 06DB4703
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$_errno$CloseExchangeHandleInterlockedSleepfreepthread_mutex_destroypthread_mutex_lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3855897748-0
                                                                                                                                          • Opcode ID: 0e67089f3e89b14728a5eef49b995674e9862c459be3f4a392fe3cb398162e46
                                                                                                                                          • Instruction ID: 8f63379d1222513a249412b03befd1e326c5b9d179f9a49cd7ed0b48a492fd12
                                                                                                                                          • Opcode Fuzzy Hash: 0e67089f3e89b14728a5eef49b995674e9862c459be3f4a392fe3cb398162e46
                                                                                                                                          • Instruction Fuzzy Hash: 481104B6A00104DBDB40AB6AAC447CB33D8EF81232F151131E62786389DB31E51586B2
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-2361160079
                                                                                                                                          • Opcode ID: d894c955b073b391861f327a5dd4bdc7e69f039c9affffc8a7d10a1cfbf07535
                                                                                                                                          • Instruction ID: a69a1167cd2e384e04d9c28070197e4d2f5cfb38269501a8b269dcc00164270d
                                                                                                                                          • Opcode Fuzzy Hash: d894c955b073b391861f327a5dd4bdc7e69f039c9affffc8a7d10a1cfbf07535
                                                                                                                                          • Instruction Fuzzy Hash: 5C614E31D18298EEEF51CBE8D844BEDBBB5AF09314F10409AE558FB291D7B50A84CF25
                                                                                                                                          APIs
                                                                                                                                          • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 0B46AA27
                                                                                                                                          • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 0B46AA4D
                                                                                                                                          • select.WS2_32(00000000,?,00000000,00000000,0000000F), ref: 0B46AAA7
                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000,00000000,0000000F,?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000,?,98000004), ref: 0B46AAAF
                                                                                                                                          • WSAGetLastError.WS2_32(00000000,?,00000000,00000000,0000000F,?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000,?,98000004), ref: 0B46AAB7
                                                                                                                                          • send.WS2_32(?,?,00000000,00000000), ref: 0B46AB22
                                                                                                                                            • Part of subcall function 0B2E20DC: __WSAFDIsSet.WS2_32(?,?), ref: 0B2E20E4
                                                                                                                                          • send.WS2_32(?,?,00000000,00000000), ref: 0B46AB80
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorIoctlLastsend$select
                                                                                                                                          • String ID: 0u
                                                                                                                                          • API String ID: 1168164356-3203441087
                                                                                                                                          • Opcode ID: 0f82f3026a30323082f8a0486a7859aae9c2a3045249e888700e82e3121a80cb
                                                                                                                                          • Instruction ID: 82e13466934a4c4f6d534690bb3fc09cc2a9cff43e3b9bf79f6812f0d8a71fdd
                                                                                                                                          • Opcode Fuzzy Hash: 0f82f3026a30323082f8a0486a7859aae9c2a3045249e888700e82e3121a80cb
                                                                                                                                          • Instruction Fuzzy Hash: 4C51F971E54318AFEB11DBA4CC95BEEB7B8EB09700F5000A6E609F6281D7B49B44CF65
                                                                                                                                          APIs
                                                                                                                                          • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,06DC5605,?,Microsoft Visual C++ Runtime Library,00012010,?,06DC85CC,?,06DC861C,?,?,?,Runtime Error!Program: ), ref: 06DC6797
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 06DC67AF
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 06DC67C0
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 06DC67CD
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                          • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                          • API String ID: 2238633743-4044615076
                                                                                                                                          • Opcode ID: d5c73675a5298c97a77cdfdda698826712074d825e21bf434e82e25a86658ee8
                                                                                                                                          • Instruction ID: 27649fb527d820f10649a5b29e60000b8134baf954be2eefdccf329e76335c6a
                                                                                                                                          • Opcode Fuzzy Hash: d5c73675a5298c97a77cdfdda698826712074d825e21bf434e82e25a86658ee8
                                                                                                                                          • Instruction Fuzzy Hash: 58015E31E0034BAAC7808FB99C80D6A7EAAEF85671314083EB301D3641D678C445EFE2
                                                                                                                                          APIs
                                                                                                                                          • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,06DDF2F9,?,Microsoft Visual C++ Runtime Library,00012010,?,06DE24CC,?,06DE251C,?,?,?,Runtime Error!Program: ), ref: 06DE0411
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 06DE0429
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 06DE043A
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 06DE0447
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                          • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                          • API String ID: 2238633743-4044615076
                                                                                                                                          • Opcode ID: 3d7e64254fd8ee30568a431a65600a42f9965516bf10c71b469e01bd59ad9754
                                                                                                                                          • Instruction ID: 7f6bc96129ff0c81c204976f2b5d5121ae5605366a2ec596d1897aeb519b4c91
                                                                                                                                          • Opcode Fuzzy Hash: 3d7e64254fd8ee30568a431a65600a42f9965516bf10c71b469e01bd59ad9754
                                                                                                                                          • Instruction Fuzzy Hash: 82014831B057056F8BD1BFB57E84A2A7BEED69CADA304042AF305D6201D6F1C555CB60
                                                                                                                                          APIs
                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000100,06DC86B0,00000001,00000000,00000000,7591E860,06DCDEA0,?,00000003,00000000,00000001,00000000,?,?,06DC6968), ref: 06DC6B09
                                                                                                                                          • LCMapStringA.KERNEL32(00000000,00000100,06DC86AC,00000001,00000000,00000000,?,?,06DC6968,?), ref: 06DC6B25
                                                                                                                                          • LCMapStringA.KERNEL32(?,?,00000000,00000001,00000000,00000003,7591E860,06DCDEA0,?,00000003,00000000,00000001,00000000,?,?,06DC6968), ref: 06DC6B6E
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,06DCDEA1,00000000,00000001,00000000,00000000,7591E860,06DCDEA0,?,00000003,00000000,00000001,00000000,?,?,06DC6968), ref: 06DC6BA6
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,?,00000000), ref: 06DC6BFE
                                                                                                                                          • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 06DC6C14
                                                                                                                                          • LCMapStringW.KERNEL32(?,?,?,00000000,?,?), ref: 06DC6C47
                                                                                                                                          • LCMapStringW.KERNEL32(?,?,?,?,?,00000000), ref: 06DC6CAF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: String$ByteCharMultiWide
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 352835431-0
                                                                                                                                          • Opcode ID: 8c6f7d6f293e69e6b52d24a7e5f046ba355724cf212535d752a3f9d39b5b9b46
                                                                                                                                          • Instruction ID: b47acb35fee5e0307bd0c0f8ea6dc3d44237e757fdec4f8d9ae3adfc815e4bd9
                                                                                                                                          • Opcode Fuzzy Hash: 8c6f7d6f293e69e6b52d24a7e5f046ba355724cf212535d752a3f9d39b5b9b46
                                                                                                                                          • Instruction Fuzzy Hash: F651397190024EAFCF618F95CD45EAE7FBAFB48764F104119FA15A2150D335C960EBA1
                                                                                                                                          APIs
                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000100,06DE2598,00000001,00000000,00000000,7591E860,06DE603C,?,00000003,00000000,00000001,00000000,?,?,06DE05DF), ref: 06DE08A5
                                                                                                                                          • LCMapStringA.KERNEL32(00000000,00000100,06DE2594,00000001,00000000,00000000,?,?,06DE05DF,?), ref: 06DE08C1
                                                                                                                                          • LCMapStringA.KERNEL32(?,?,00000000,00000001,00000000,00000003,7591E860,06DE603C,?,00000003,00000000,00000001,00000000,?,?,06DE05DF), ref: 06DE090A
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,06DE603D,00000000,00000001,00000000,00000000,7591E860,06DE603C,?,00000003,00000000,00000001,00000000,?,?,06DE05DF), ref: 06DE0942
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,?,00000000), ref: 06DE099A
                                                                                                                                          • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 06DE09B0
                                                                                                                                          • LCMapStringW.KERNEL32(?,?,?,00000000,?,?), ref: 06DE09E3
                                                                                                                                          • LCMapStringW.KERNEL32(?,?,?,?,?,00000000), ref: 06DE0A4B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: String$ByteCharMultiWide
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 352835431-0
                                                                                                                                          • Opcode ID: 7e5b6aba2848a1c5d549be10f0ce649b861b849e742b653002801de374dd5bfd
                                                                                                                                          • Instruction ID: cd233545465435ccc962715f60532c7f7fa7fb0b3896da48974aef1cce956607
                                                                                                                                          • Opcode Fuzzy Hash: 7e5b6aba2848a1c5d549be10f0ce649b861b849e742b653002801de374dd5bfd
                                                                                                                                          • Instruction Fuzzy Hash: 4D51DF32940209FFDF62AF95CC85EEE7FB9FB48754F144219FA11A5250D3B28960DBA0
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveComments@@YAIPAVID3_Tag@@PBD@Z.ID3LIB(?,?,6E79B076,?,?,?,?,?,?,069F730B,000000FF), ref: 069AA7C9
                                                                                                                                          • ?CreateIterator@ID3_Tag@@QAEPAVIterator@1@XZ.ID3LIB(6E79B076,?,?,?,?,?,?,069F730B,000000FF), ref: 069AA7D8
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB(?,?,?,?,?,?,069F730B,000000FF), ref: 069AA7F2
                                                                                                                                          • ?ID3_GetString@@YAPADPBVID3_Frame@@W4ID3_FieldID@@@Z.ID3LIB(00000000,00000005,?,?,?,?,?,?,069F730B,000000FF), ref: 069AA7FF
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000004), ref: 069AA887
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000A,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA89E
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000005,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA8B5
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA8C8
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 069AA8DE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$D@@@$Field$Field@Field@@Tag@@$Frame$AttachComments@@CreateFrame@Frame@@@Iterator@Iterator@1@RemoveString@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 399940469-0
                                                                                                                                          • Opcode ID: 4236e373c03875fd2657e8c0feaf5db39344aa021e0488b7b5c1eeb390c86a84
                                                                                                                                          • Instruction ID: 0534730529057e088b95d504a73e4705bb2512314c799f60d6297a688265575f
                                                                                                                                          • Opcode Fuzzy Hash: 4236e373c03875fd2657e8c0feaf5db39344aa021e0488b7b5c1eeb390c86a84
                                                                                                                                          • Instruction Fuzzy Hash: 02412571B547819FC795DB2C8C50A3E73D6AFC9620F280618E8568BB80EB25D903C7D1
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_testcancel$Sleep
                                                                                                                                          APIs
                                                                                                                                          • sem_wait.PTHREADVC2(?), ref: 06DB2478
                                                                                                                                          • _errno.MSVCRT ref: 06DB2484
                                                                                                                                            • Part of subcall function 06DB1FF0: EnterCriticalSection.KERNEL32(06DB8100,?,06DB245E,?), ref: 06DB1FF8
                                                                                                                                            • Part of subcall function 06DB1FF0: pthread_cond_init.PTHREADVC2(00000000,00000000), ref: 06DB200B
                                                                                                                                            • Part of subcall function 06DB1FF0: LeaveCriticalSection.KERNEL32(06DB8100), ref: 06DB201A
                                                                                                                                          • sem_post.PTHREADVC2(?), ref: 06DB2498
                                                                                                                                          • _errno.MSVCRT ref: 06DB24A4
                                                                                                                                          • ptw32_push_cleanup.PTHREADVC2(?,06DB2530,?), ref: 06DB24D5
                                                                                                                                            • Part of subcall function 06DB1FB0: pthread_getspecific.PTHREADVC2(01BF0590), ref: 06DB1FC9
                                                                                                                                            • Part of subcall function 06DB1FB0: pthread_setspecific.PTHREADVC2(01BF0590,?,01BF0590), ref: 06DB1FD8
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,06DB2530,?), ref: 06DB24DB
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • sem_timedwait.PTHREADVC2(?,?), ref: 06DB24F4
                                                                                                                                            • Part of subcall function 06DB48B0: pthread_testcancel.PTHREADVC2 ref: 06DB48C5
                                                                                                                                            • Part of subcall function 06DB48B0: _errno.MSVCRT ref: 06DB48D6
                                                                                                                                          • _errno.MSVCRT ref: 06DB2500
                                                                                                                                          • ptw32_pop_cleanup.PTHREADVC2(00000001), ref: 06DB250E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _errno$CriticalSection$EnterExchangeInterlockedLeavepthread_cond_initpthread_getspecificpthread_mutex_unlockpthread_setspecificpthread_testcancelptw32_pop_cleanupptw32_push_cleanupsem_postsem_timedwaitsem_wait
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(01BF0598,?,?,?,?,06DB1228,01BF0590,06DB11B3), ref: 06DB5132
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000028,00000000,?,06DB11B3), ref: 06DB5162
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(00000028,06DB11B3), ref: 06DB514F
                                                                                                                                            • Part of subcall function 06DB1450: free.MSVCRT ref: 06DB14B0
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(01BF0598,06DB11B3), ref: 06DB517C
                                                                                                                                          • TlsFree.KERNEL32(00000000,?,?,?,?,06DB1228,01BF0590,06DB11B3), ref: 06DB5187
                                                                                                                                          • pthread_mutex_destroy.PTHREADVC2(01BF0598,?,?,?,?,06DB1228,01BF0590,06DB11B3), ref: 06DB5198
                                                                                                                                          • Sleep.KERNEL32(00000000,06DB11B3), ref: 06DB51AD
                                                                                                                                          • pthread_mutex_destroy.PTHREADVC2(01BF0598), ref: 06DB51B0
                                                                                                                                          • free.MSVCRT ref: 06DB51BE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: freepthread_mutex_destroypthread_mutex_lockpthread_mutex_unlock$ExchangeFreeInterlockedSleep
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _errno
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32$mscoree$ntdll
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32$mscoree$ntdll
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32$e$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-2490165647
                                                                                                                                          • Opcode ID: c238d7e943c38f5d87f5508e2d2dd1498ab7aaaf8401f37f1a01317bfed1843d
                                                                                                                                          • Instruction ID: 4be06ce38eaa3965a835b3ee7755065f72a51746f7084266432617ba6bd52c30
                                                                                                                                          • Opcode Fuzzy Hash: c238d7e943c38f5d87f5508e2d2dd1498ab7aaaf8401f37f1a01317bfed1843d
                                                                                                                                          • Instruction Fuzzy Hash: C0514E31D14298EEEF51CBE8D845BEDBBB4AF09314F20409AE518FB291D7B50A84CF25
                                                                                                                                          APIs
                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000010), ref: 06DC554E
                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,06DC85CC,00000000,?,00000000,00000010), ref: 06DC5624
                                                                                                                                          • WriteFile.KERNEL32(00000000), ref: 06DC562B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$HandleModuleNameWrite
                                                                                                                                          • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                          • API String ID: 3784150691-4022980321
                                                                                                                                          • Opcode ID: c15771ae29ccf5a56b07b31babdb9420cbf35da2091012f687b7c3efc0e409ea
                                                                                                                                          • Instruction ID: 09a6965b7c0cba0e5caef122cb99eed1d08f854ed23915b9ff4e97ddcae42c06
                                                                                                                                          • Opcode Fuzzy Hash: c15771ae29ccf5a56b07b31babdb9420cbf35da2091012f687b7c3efc0e409ea
                                                                                                                                          • Instruction Fuzzy Hash: D431FC72A4020FAEDBA09AA4AC45FAA776DEB85320F54015EF540A3040EA70E5A0CAA1
                                                                                                                                          APIs
                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 06DDF242
                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,06DE24CC,00000000,?,00000000,?), ref: 06DDF318
                                                                                                                                          • WriteFile.KERNEL32(00000000), ref: 06DDF31F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$HandleModuleNameWrite
                                                                                                                                          • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                          • API String ID: 3784150691-4022980321
                                                                                                                                          • Opcode ID: 9b474882e21824cde3f38ae134c3550cdb1e69db3757136e723ef8a1194ab158
                                                                                                                                          • Instruction ID: db037eb1f85ccdb76f7cdc39d2c44db3c8a24057e1fe3cdb76d997efe4d09217
                                                                                                                                          • Opcode Fuzzy Hash: 9b474882e21824cde3f38ae134c3550cdb1e69db3757136e723ef8a1194ab158
                                                                                                                                          • Instruction Fuzzy Hash: 4731E172A00208AFDFB0FB60DD45FAE776EEF45304F540556F656DA040EAB0E784CA62
                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0699A73C
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0699A762
                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0699A7EA
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0699A7F9
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0699A80E
                                                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 0699A829
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: LockitLockit::_std::_$Exception@8RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::facet_
                                                                                                                                          • String ID: bad cast
                                                                                                                                          • API String ID: 2820251361-3145022300
                                                                                                                                          • Opcode ID: 829198a0ecae80962806a2ddef06df859014b305b17f7fa98d27c1b9c3a41644
                                                                                                                                          • Instruction ID: a98852691e572a5d14742852063ad094df3cf101c3c6b671a5c21a5653cf112d
                                                                                                                                          • Opcode Fuzzy Hash: 829198a0ecae80962806a2ddef06df859014b305b17f7fa98d27c1b9c3a41644
                                                                                                                                          • Instruction Fuzzy Hash: EB31AE359043409FDB94EF18D881B6A77F4FB84730F440A1DE96297AD1DB34AD06CBA2
                                                                                                                                          APIs
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 069B0D1C
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 069B0D42
                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 069B0DCA
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 069B0DD9
                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 069B0DEE
                                                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 069B0E09
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: LockitLockit::_std::_$Exception@8RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::facet_
                                                                                                                                          • String ID: bad cast
                                                                                                                                          • API String ID: 2820251361-3145022300
                                                                                                                                          • Opcode ID: dca77f57befc36d3aa8455f673c69f0dcae30f43a6d45f22dc32932ad2f9de1f
                                                                                                                                          • Instruction ID: a0893ee729cb4d5b08f15f51858f2ee13516e569203bfdb15ef417103fbf8533
                                                                                                                                          • Opcode Fuzzy Hash: dca77f57befc36d3aa8455f673c69f0dcae30f43a6d45f22dc32932ad2f9de1f
                                                                                                                                          • Instruction Fuzzy Hash: 7931A2315043009FD7D4EF14E980B9BB7E4BB84330F581A1EE9A297AD1DB30A845CB92
                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0699A8FF
                                                                                                                                            • Part of subcall function 069C3E33: RaiseException.KERNEL32(?,?,069C2685,?,?,?,?,?,069C2685,?,06A06B84,06A1EB6C), ref: 069C3E75
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0699A942
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0699A985
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0699A9C3
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                          • API String ID: 3476068407-1866435925
                                                                                                                                          • Opcode ID: d33896d504342c34a85ea02daa849b772a68d996b5a013d8dff4f75a26227efc
                                                                                                                                          • Instruction ID: 9e68b55e0ecda3520c6374de307cc52de170a707f0bd92937f240ae938a12476
                                                                                                                                          • Opcode Fuzzy Hash: d33896d504342c34a85ea02daa849b772a68d996b5a013d8dff4f75a26227efc
                                                                                                                                          • Instruction Fuzzy Hash: EA218F71058340AFD3D4EB24CC41FABB7E8BFC4750F55890DB2AA82990EB759509CB23
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: 8$OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-2361160079
                                                                                                                                          • Opcode ID: 6c41c6856424cd458055f4c2232fd1977ae4340bb7f84f7d4a4431e6fd6542bb
                                                                                                                                          • Instruction ID: ff0a96b2b2cd18c980eacfef084e91165f7bbe3c1de16d96e605b43477b755a0
                                                                                                                                          • Opcode Fuzzy Hash: 6c41c6856424cd458055f4c2232fd1977ae4340bb7f84f7d4a4431e6fd6542bb
                                                                                                                                          • Instruction Fuzzy Hash: 7B219B20C0C3C8D9EF12D7A8D8487CDBFB65F26318F1841D9D5947A292D7BA0658CB7A
                                                                                                                                          APIs
                                                                                                                                          • __EH_prolog3.LIBCMT ref: 069C2167
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 069C2192
                                                                                                                                            • Part of subcall function 069C3E33: RaiseException.KERNEL32(?,?,069C2685,?,?,?,?,?,069C2685,?,06A06B84,06A1EB6C), ref: 069C3E75
                                                                                                                                          • __EH_prolog3.LIBCMT ref: 069C219F
                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 069C21BC
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 069C21CA
                                                                                                                                          Strings
                                                                                                                                          • invalid string position, xrefs: 069C216C
                                                                                                                                          • invalid string argument, xrefs: 069C21A4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8H_prolog3Throw$ExceptionRaisestd::bad_exception::bad_exception
                                                                                                                                          • String ID: invalid string argument$invalid string position
                                                                                                                                          • API String ID: 3613313771-3740083952
                                                                                                                                          APIs
                                                                                                                                          • _malloc.LIBCMT ref: 07311065
                                                                                                                                          • #209.CPKERNEL(86001E03), ref: 07311073
                                                                                                                                          • #204.CPKERNEL(?,?,?), ref: 0731108C
                                                                                                                                          • av_rdft_init.AVCODEC-55(00000009,00000000), ref: 073110D7
                                                                                                                                          • av_mallocz.AVUTIL-52(00002000), ref: 073110F1
                                                                                                                                          • av_rdft_calc.AVCODEC-55(?,?), ref: 073111C0
                                                                                                                                          • av_rdft_end.AVCODEC-55(?), ref: 07311201
                                                                                                                                          • av_free.AVUTIL-52(?), ref: 0731121C
                                                                                                                                            • Part of subcall function 07313D59: __lock.LIBCMT ref: 07313D77
                                                                                                                                            • Part of subcall function 07313D59: ___sbh_find_block.LIBCMT ref: 07313D82
                                                                                                                                            • Part of subcall function 07313D59: ___sbh_free_block.LIBCMT ref: 07313D91
                                                                                                                                            • Part of subcall function 07313D59: HeapFree.KERNEL32(00000000,00000214,07322450,0000000C,07314986,00000000,073224B0,0000000C,073149C0,00000214,-0000000E,?,0731BAE6,00000004,073226C0,0000000C), ref: 07313DC1
                                                                                                                                            • Part of subcall function 07313D59: GetLastError.KERNEL32(?,0731BAE6,00000004,073226C0,0000000C,07318589,00000214,00000001,00000000,00000000,00000000,?,07317EC8,00000001,00000214), ref: 07313DD2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: #204#209ErrorFreeHeapLast___sbh_find_block___sbh_free_block__lock_mallocav_freeav_malloczav_rdft_calcav_rdft_endav_rdft_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1759391195-0
                                                                                                                                          APIs
                                                                                                                                          • _malloc.LIBCMT ref: 07313893
                                                                                                                                            • Part of subcall function 07313C8F: __FF_MSGBANNER.LIBCMT ref: 07313CB2
                                                                                                                                            • Part of subcall function 07313C8F: __NMSG_WRITE.LIBCMT ref: 07313CB9
                                                                                                                                            • Part of subcall function 07313C8F: HeapAlloc.KERNEL32(00000000,00000205,00000001,00000000,00000000,?,0731853F,00000214,00000001,00000214,?,0731492F,00000018,073224B0,0000000C,073149C0), ref: 07313D06
                                                                                                                                          • _memset.LIBCMT ref: 073138A9
                                                                                                                                          • waveOutUnprepareHeader.WINMM(00000000,?,00000020), ref: 07313943
                                                                                                                                          • waveOutPrepareHeader.WINMM(00000000,?,00000020), ref: 07313981
                                                                                                                                          • waveOutWrite.WINMM(?,?,00000020), ref: 0731398D
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000020), ref: 07313997
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 073139A1
                                                                                                                                          • Sleep.KERNEL32(00000005), ref: 073139B2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: wave$CriticalHeaderSection$AllocEnterHeapLeavePrepareSleepUnprepareWrite_malloc_memset
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3549219060-0
                                                                                                                                          APIs
                                                                                                                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,06DC3693), ref: 06DC538B
                                                                                                                                          • GetEnvironmentStrings.KERNEL32(?,?,?,?,06DC3693), ref: 06DC539F
                                                                                                                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,06DC3693), ref: 06DC53CB
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,06DC3693), ref: 06DC5403
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,06DC3693), ref: 06DC5425
                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,06DC3693), ref: 06DC543E
                                                                                                                                          • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,06DC3693), ref: 06DC5451
                                                                                                                                          • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 06DC548F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1823725401-0
                                                                                                                                          APIs
                                                                                                                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,06DDC210), ref: 06DDF07F
                                                                                                                                          • GetEnvironmentStrings.KERNEL32(?,?,?,?,06DDC210), ref: 06DDF093
                                                                                                                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,06DDC210), ref: 06DDF0BF
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,06DDC210), ref: 06DDF0F7
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,06DDC210), ref: 06DDF119
                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,06DDC210), ref: 06DDF132
                                                                                                                                          • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,06DDC210), ref: 06DDF145
                                                                                                                                          • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 06DDF183
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1823725401-0
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB2547
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB25D8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_lockpthread_mutex_unlock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3887897452-0
                                                                                                                                          APIs
                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000001), ref: 06DB3230
                                                                                                                                          • InterlockedExchange.KERNEL32(?,000000FF), ref: 06DB323D
                                                                                                                                          • InterlockedExchange.KERNEL32(?,000000FF), ref: 06DB3263
                                                                                                                                            • Part of subcall function 06DB2DB0: EnterCriticalSection.KERNEL32(06DB8120,06DB526B,06DB30D7,06DB526B,?,?,06DB526B,?), ref: 06DB2DB8
                                                                                                                                            • Part of subcall function 06DB2DB0: pthread_mutex_init.PTHREADVC2(?,00000000), ref: 06DB2DCB
                                                                                                                                            • Part of subcall function 06DB2DB0: LeaveCriticalSection.KERNEL32(06DB8120), ref: 06DB2DDA
                                                                                                                                          • pthread_self.PTHREADVC2 ref: 06DB326E
                                                                                                                                            • Part of subcall function 06DB2A40: pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 06DB3280
                                                                                                                                          • pthread_equal.PTHREADVC2(?,?,00000000), ref: 06DB3294
                                                                                                                                          • InterlockedExchange.KERNEL32(?,000000FF), ref: 06DB32C0
                                                                                                                                          • InterlockedExchange.KERNEL32(?,000000FF), ref: 06DB32E2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExchangeInterlocked$CriticalSection$CompareEnterLeavepthread_equalpthread_getspecificpthread_mutex_initpthread_self
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemovePictureType@@YAIPAVID3_Tag@@W4ID3_PictureType@@@Z.ID3LIB(?,?,?,?,?,?,?,?,?,6E79B076,?,?,?,?,069F71EB,000000FF), ref: 069A9B1E
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,6E79B076,?,?,?,?,069F71EB,000000FF), ref: 069A9B2C
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,000000FF), ref: 069A9B57
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004,?,?,?,?,?,?,?,000000FF), ref: 069A9B72
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000D,?,?,?,?,?,?,?,000000FF), ref: 069A9B89
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000B,?,?,?,?,?,?,?,000000FF), ref: 069A9BA0
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000005,?,?,?,?,?,?,?,000000FF), ref: 069A9BB3
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069A9BC9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@@@Frame@@$FieldField@Field@@$Tag@@$FramePicture$AttachFind@Frame@Frame@@@RemoveType@@Type@@@
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveArtists@@YAIPAVID3_Tag@@@Z.ID3LIB(?,6E79B076,?,?,?,?,069F724B,000000FF), ref: 069AA348
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000003E,6E79B076,?,?,?,?,069F724B,000000FF), ref: 069AA356
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000003F,0000003E,6E79B076,?,?,?,?,069F724B,000000FF), ref: 069AA363
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000040,0000003F,0000003E,6E79B076,?,?,?,?,069F724B,000000FF), ref: 069AA370
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000020,00000040,0000003F,0000003E,6E79B076,?,?,?,?,069F724B,000000FF), ref: 069AA37D
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(0000003E,?,?,?,?,?,?,?,000000FF), ref: 069AA3A4
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,000000FF), ref: 069AA3BF
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069AA3D1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@@@Frame@@$?getCharEnd@FrameReader@io@dami@@Tag@@$Find@$Artists@@AttachFieldField@Field@@Frame@Frame@@@RemoveTag@@@
                                                                                                                                          APIs
                                                                                                                                          • RtlEnterCriticalSection.NTDLL(0B5ACC14), ref: 0B07DBAE
                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(0B5ACC14), ref: 0B07DBD2
                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(0B5ACC14), ref: 0B07DBE1
                                                                                                                                          • IsValidLocale.KERNEL32(00000000,00000002,00000000,0B07DC94,?,?,00000000,00000000,?,0B07E55C), ref: 0B07DBF3
                                                                                                                                          • RtlEnterCriticalSection.NTDLL(0B5ACC14), ref: 0B07DC50
                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(0B5ACC14), ref: 0B07DC79
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                                                                                          APIs
                                                                                                                                          • pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 06DB2A87
                                                                                                                                          • GetCurrentProcess.KERNEL32(00000004,00000000,00000000,00000002), ref: 06DB2A9F
                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 06DB2AA2
                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000), ref: 06DB2AA9
                                                                                                                                          • DuplicateHandle.KERNEL32(00000000), ref: 06DB2AAC
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Current$ProcessThread$DuplicateHandlepthread_getspecific
                                                                                                                                          APIs
                                                                                                                                          • ___set_flsgetvalue.LIBCMT ref: 0731441F
                                                                                                                                            • Part of subcall function 07317D28: TlsGetValue.KERNEL32(?,07317EB4,?,?,?,00000000,000003FF), ref: 07317D31
                                                                                                                                            • Part of subcall function 07317D28: __decode_pointer.LIBCMT ref: 07317D43
                                                                                                                                            • Part of subcall function 07317D28: TlsSetValue.KERNEL32(00000000,?,?,00000000,000003FF), ref: 07317D52
                                                                                                                                          • ___fls_getvalue@4.LIBCMT ref: 0731442A
                                                                                                                                            • Part of subcall function 07317D08: TlsGetValue.KERNEL32(?,?,0731442F,00000000), ref: 07317D16
                                                                                                                                          • ___fls_setvalue@8.LIBCMT ref: 0731443D
                                                                                                                                            • Part of subcall function 07317D5C: __decode_pointer.LIBCMT ref: 07317D6D
                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000), ref: 07314446
                                                                                                                                          • ExitThread.KERNEL32 ref: 0731444D
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 07314453
                                                                                                                                          • __freefls@4.LIBCMT ref: 07314473
                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 07314486
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1925773019-0
                                                                                                                                          • Opcode ID: a641c140d01070bf793a02bba8d3e5f351ceabc1e9de83bfb8facad0090b627a
                                                                                                                                          • Instruction ID: 00b90abadc83b0f8d66ac841c46ce6721205f592cf53be1b9c15714588325e98
                                                                                                                                          • Opcode Fuzzy Hash: a641c140d01070bf793a02bba8d3e5f351ceabc1e9de83bfb8facad0090b627a
                                                                                                                                          • Instruction Fuzzy Hash: 0C1106F9600249EFF71CBFA5D84995E3BACAF89350F158429E40C87211EF34E843C662
                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8120,06DB526B,06DB30D7,06DB526B,?,?,06DB526B,?), ref: 06DB2DB8
                                                                                                                                          • pthread_mutex_init.PTHREADVC2(?,00000000), ref: 06DB2DCB
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8120), ref: 06DB2DDA
                                                                                                                                          • pthread_mutex_init.PTHREADVC2(?,06DB8030), ref: 06DB2DEF
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8120), ref: 06DB2DFE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$Leavepthread_mutex_init$Enter
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4050321482-0
                                                                                                                                          • Opcode ID: 1f9e9413849b66c99c186798d60ad18a8bbbc2170b41a4954881e5d0bfdffc8b
                                                                                                                                          • Instruction ID: 5e3a89dbb1ffd4ba1873689ed25144cc5f4b5af2c939599a1def8b49043f5465
                                                                                                                                          • Opcode Fuzzy Hash: 1f9e9413849b66c99c186798d60ad18a8bbbc2170b41a4954881e5d0bfdffc8b
                                                                                                                                          • Instruction Fuzzy Hash: 52014B36F61220E786E02F76BC059EE6E999B09AF67052750FA23E238CE520CD0556A1
                                                                                                                                          APIs
                                                                                                                                          • pthread_key_create.PTHREADVC2(06DB80BC,00000000,06DB35FC), ref: 06DB1190
                                                                                                                                          • pthread_key_create.PTHREADVC2(06DB80C0,00000000), ref: 06DB11A2
                                                                                                                                          • InitializeCriticalSection.KERNEL32(06DB80E0), ref: 06DB11BF
                                                                                                                                          • InitializeCriticalSection.KERNEL32(06DB8120), ref: 06DB11C6
                                                                                                                                          • InitializeCriticalSection.KERNEL32(06DB8180), ref: 06DB11CD
                                                                                                                                          • InitializeCriticalSection.KERNEL32(06DB8100), ref: 06DB11D4
                                                                                                                                          • InitializeCriticalSection.KERNEL32(06DB8160), ref: 06DB11DB
                                                                                                                                          • InitializeCriticalSection.KERNEL32(06DB8140), ref: 06DB11E2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalInitializeSection$pthread_key_create
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3042224635-0
                                                                                                                                          • Opcode ID: 5fdf99cc980267f1ba213e16ebba5de2ba4d96632557011ec75f63e109950935
                                                                                                                                          • Instruction ID: b3c12141d0ad0427405c54dd160e66ca1e516a5c19b7151ed0826120ca1c1198
                                                                                                                                          • Opcode Fuzzy Hash: 5fdf99cc980267f1ba213e16ebba5de2ba4d96632557011ec75f63e109950935
                                                                                                                                          • Instruction Fuzzy Hash: 25F08220F86215F5D7D06BA76C12BC62D4ECB149D1F0C3011F52A8224CD9A0D44CE9F2
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3886058894-0
                                                                                                                                          • Opcode ID: 6fc3432dac063d8122c127221b6d10b7bd74bcf9286a1dacb33f1a174448f685
                                                                                                                                          • Instruction ID: 10e87489beeb651e837547905434c3f13eecce292b64276f90733fc822edde9d
                                                                                                                                          • Opcode Fuzzy Hash: 6fc3432dac063d8122c127221b6d10b7bd74bcf9286a1dacb33f1a174448f685
                                                                                                                                          • Instruction Fuzzy Hash: 6151C571D00205EFDBA09F69CC4499EBB79EF81330F24C62DE835A29D0D7709A51DBA2
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 8$OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 0-2361160079
                                                                                                                                          • Opcode ID: 11975908e03ac4d76dac226c6e5c4408d81929cb85845d103eb9e58db051c252
                                                                                                                                          • Instruction ID: fe057774e24794fee1458df83c2a5a24f6646e0240985dd638c61e5fd3177624
                                                                                                                                          • Opcode Fuzzy Hash: 11975908e03ac4d76dac226c6e5c4408d81929cb85845d103eb9e58db051c252
                                                                                                                                          • Instruction Fuzzy Hash: 23514E31D14298EEEF51CBE8D845BEDBBF4AF09314F20409AE548FB291D7B50A84CB25
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-3596425917
                                                                                                                                          • Opcode ID: 0ff9476a51ed6da28d99ed77da328ec9118502ddb164bc71c25eca60b51d7b8a
                                                                                                                                          • Instruction ID: d638b8dc092512d686aa9b02e96c9591ee86ae3947862a84ce4e2d3063409aa4
                                                                                                                                          • Opcode Fuzzy Hash: 0ff9476a51ed6da28d99ed77da328ec9118502ddb164bc71c25eca60b51d7b8a
                                                                                                                                          • Instruction Fuzzy Hash: CF513E35D14298EEEF61CBE8D845BEDBBB4AF08314F20449AE518FB290D7750A84CF25
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-3596425917
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 0B078EBC: GetCurrentThreadId.KERNEL32 ref: 0B078EBF
                                                                                                                                          • GetTickCount.KERNEL32 ref: 0B078A67
                                                                                                                                          • GetTickCount.KERNEL32 ref: 0B078A7F
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0B078AAE
                                                                                                                                          • GetTickCount.KERNEL32 ref: 0B078AD9
                                                                                                                                          • GetTickCount.KERNEL32 ref: 0B078B10
                                                                                                                                          • GetTickCount.KERNEL32 ref: 0B078B3A
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0B078BAA
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CountTick$CurrentThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3968769311-0
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-3596425917
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ResumeThread_beginthreadexfreemallocpthread_self
                                                                                                                                          • String ID: 0l5v`d5vk:v
                                                                                                                                          • API String ID: 1815304114-2752800198
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,?,?,06DB267C,?,00000000), ref: 06DB26A8
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB26C6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_lockpthread_mutex_unlock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3887897452-0
                                                                                                                                          APIs
                                                                                                                                          • pthread_self.PTHREADVC2(00000004,00000000,?,06DB2AE2,01BF0578,00000000), ref: 06DB51F3
                                                                                                                                            • Part of subcall function 06DB2A40: pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • pthread_getspecific.PTHREADVC2(01BF0578,00000004,00000000,?,06DB2AE2,01BF0578,00000000), ref: 06DB520F
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB5266
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB5276
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?,?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB52A7
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB52B7
                                                                                                                                          • TlsSetValue.KERNEL32(?,?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB52C7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_getspecificpthread_mutex_lockpthread_mutex_unlock$Valuepthread_self
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2380599342-0
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveLyrics@@YAIPAVID3_Tag@@@Z.ID3LIB(?,6E79B076,?,?,?,?,069F73CB,000000FF), ref: 069AAEA6
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000054,6E79B076,?,?,?,?,069F73CB,000000FF), ref: 069AAEB4
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000054,?,?,?,?,?,?,?,000000FF), ref: 069AAEDB
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000A,?,?,?,?,?,?,?,000000FF), ref: 069AAEF6
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000005,?,?,?,?,?,?,?,000000FF), ref: 069AAF0D
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,000000FF), ref: 069AAF24
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069AAF36
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@@@Frame@@$?getCharEnd@FieldField@Field@@Reader@io@dami@@$FrameTag@@$AttachFind@Frame@Frame@@@Lyrics@@RemoveTag@@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2863123122-0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 24396bc3d052542169d399c2fe0f4f001be65667111949c4310cd4f3cf85a56c
                                                                                                                                          • Instruction ID: 952eea50d31e4d0a306ed141dafe5b81a53aa92f34dc221b8c5e5df50eac9a76
                                                                                                                                          • Opcode Fuzzy Hash: 24396bc3d052542169d399c2fe0f4f001be65667111949c4310cd4f3cf85a56c
                                                                                                                                          • Instruction Fuzzy Hash: 0C21DE72600310CBDB609B29FC00BD7B3E9EFC0765F1A0429F95A87348DB76E90687A1
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 06992180: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(0699224D,9FE4FCE1,?,?,0699224D), ref: 06992180
                                                                                                                                          • ?writeUInt28@io@dami@@YAIAAVID3_Writer@@I@Z.ID3LIB(?,?), ref: 069A46E6
                                                                                                                                          • ?writeUInt28@io@dami@@YAIAAVID3_Writer@@I@Z.ID3LIB(?,00000006), ref: 069A46FF
                                                                                                                                          • ?writeBENumber@io@dami@@YAIAAVID3_Writer@@II@Z.ID3LIB(?,00000001,00000001,?,00000006), ref: 069A4709
                                                                                                                                          • ?writeBENumber@io@dami@@YAIAAVID3_Writer@@II@Z.ID3LIB(?,00000000,00000001,?,00000001,00000001,?,00000006), ref: 069A4713
                                                                                                                                          • ?writeBENumber@io@dami@@YAIAAVID3_Writer@@II@Z.ID3LIB(?,00000006,00000004), ref: 069A472B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?writeWriter@@$Number@io@dami@@$Int28@io@dami@@$?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: ID3
                                                                                                                                          • API String ID: 330986215-2882503754
                                                                                                                                          • Opcode ID: 3560a8cd747883d659c0bcd09b5788c3429beeba590c6a37b3bbddad427ff7d3
                                                                                                                                          • Instruction ID: 45090650bd0ead84a9eec89b2769e94fbe0fd9626225df18629a4ec48c397975
                                                                                                                                          • Opcode Fuzzy Hash: 3560a8cd747883d659c0bcd09b5788c3429beeba590c6a37b3bbddad427ff7d3
                                                                                                                                          • Instruction Fuzzy Hash: 21210E72B006116BDAA4EB1CDC81F6EB3DAAFCA710F104014F6448B680D7B8AD5386F6
                                                                                                                                          APIs
                                                                                                                                          • free.MSVCRT ref: 06DB12D2
                                                                                                                                          • pthread_setspecific.PTHREADVC2(01BF0578), ref: 06DB12E0
                                                                                                                                            • Part of subcall function 06DB51E0: pthread_self.PTHREADVC2(00000004,00000000,?,06DB2AE2,01BF0578,00000000), ref: 06DB51F3
                                                                                                                                          • _setjmp3.MSVCRT ref: 06DB12F2
                                                                                                                                          • _endthreadex.MSVCRT(00000000), ref: 06DB1311
                                                                                                                                          • _endthreadex.MSVCRT ref: 06DB1333
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _endthreadex$_setjmp3freepthread_selfpthread_setspecific
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 684966763-0
                                                                                                                                          • Opcode ID: fad39aea57f172c05d05c0a6a0cd2eeaac9553cdd3d7fe22017053ef5265d5b0
                                                                                                                                          • Instruction ID: 27ac44c6bbbd2753654b0160193580e96cb61c8733258e0eaac6965fa60f700c
                                                                                                                                          • Opcode Fuzzy Hash: fad39aea57f172c05d05c0a6a0cd2eeaac9553cdd3d7fe22017053ef5265d5b0
                                                                                                                                          • Instruction Fuzzy Hash: 022183B2E01124DFCB00DF99EC0599AB7B8EF04250B1441A6FD0697345D731DE10CBD6
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_trylock.PTHREADVC2(00000000,00000004,00000000,06DB4631,00000004), ref: 06DB2F1C
                                                                                                                                            • Part of subcall function 06DB33E0: InterlockedCompareExchange.KERNEL32(5604C483,00000001,00000000), ref: 06DB3403
                                                                                                                                            • Part of subcall function 06DB33E0: pthread_self.PTHREADVC2 ref: 06DB341B
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,00000004), ref: 06DB2F55
                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000004), ref: 06DB2F6B
                                                                                                                                          • free.MSVCRT ref: 06DB2F88
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8120,00000004,00000000,06DB4631,00000004), ref: 06DB2FA6
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8120), ref: 06DB2FBC
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$CloseCompareEnterExchangeHandleInterlockedLeavefreepthread_mutex_trylockpthread_mutex_unlockpthread_self
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 115795767-0
                                                                                                                                          • Opcode ID: 5e7ac518bbd2543a913c7e7b1fa87b9a3daa267ed5762fbb570c315a950ed038
                                                                                                                                          • Instruction ID: 9e7b498b005e6eacc28dfd96228998bdbf64da82f663786a42fd9e74327887ef
                                                                                                                                          • Opcode Fuzzy Hash: 5e7ac518bbd2543a913c7e7b1fa87b9a3daa267ed5762fbb570c315a950ed038
                                                                                                                                          • Instruction Fuzzy Hash: D4217C76704200DFC7908F1AF8006DAB7EAEBC8321F15992AF59AC7348D730D886CB91
                                                                                                                                          APIs
                                                                                                                                          • ___set_flsgetvalue.LIBCMT ref: 073144CD
                                                                                                                                          • __calloc_crt.LIBCMT ref: 073144D9
                                                                                                                                          • __getptd.LIBCMT ref: 073144E6
                                                                                                                                          • __initptd.LIBCMT ref: 073144EF
                                                                                                                                          • CreateThread.KERNEL32(?,?,07314419,00000000,?,?), ref: 0731451D
                                                                                                                                          • GetLastError.KERNEL32 ref: 07314527
                                                                                                                                          • __dosmaperr.LIBCMT ref: 0731453F
                                                                                                                                            • Part of subcall function 07315C69: __getptd_noexit.LIBCMT ref: 07315C69
                                                                                                                                            • Part of subcall function 07317BEC: __decode_pointer.LIBCMT ref: 07317BF7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit__initptd
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3358092440-0
                                                                                                                                          • Opcode ID: 29582e919241ad170ce3e3812a846eb11b9fa7756b230287e7d313dbfeb6a975
                                                                                                                                          • Instruction ID: cd28763bfcec9ee52329beb9102eb2427fd4c4ab18699e0592f2791609a21581
                                                                                                                                          • Opcode Fuzzy Hash: 29582e919241ad170ce3e3812a846eb11b9fa7756b230287e7d313dbfeb6a975
                                                                                                                                          • Instruction Fuzzy Hash: CD11A3F650424AEFFB18BFA5EC868EE7BA8EF04324B144439F50D97150EB719911C6A1
                                                                                                                                          APIs
                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,07312806,00000000,?,?,?,?,?,NdfPlayer_OpenFile 12 ), ref: 07313A26
                                                                                                                                          • waveOutUnprepareHeader.WINMM(?,840FFF85,00000020,?,75919350,00000000,?,07312806,00000000,?,?,?,?,?,NdfPlayer_OpenFile 12 ), ref: 07313A54
                                                                                                                                          • DeleteCriticalSection.KERNEL32(0731283A,75919350,00000000,?,07312806,00000000,?,?,?,?,?,NdfPlayer_OpenFile 12 ), ref: 07313A66
                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,840FFF85,?,?,?,?,?,NdfPlayer_OpenFile 12 ), ref: 07313A72
                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,?,NdfPlayer_OpenFile 12 ), ref: 07313A79
                                                                                                                                          • waveOutReset.WINMM(?,?,?,?,?,?,NdfPlayer_OpenFile 12 ), ref: 07313A82
                                                                                                                                          • waveOutClose.WINMM(00000000,?,?,?,?,?,?,NdfPlayer_OpenFile 12 ), ref: 07313A8B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: wave$Heap$CloseCriticalDeleteFreeHeaderProcessResetSectionSleepUnprepare
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1131490990-0
                                                                                                                                          • Opcode ID: 42ca49524477d1aa4d5faa4c6137bbb8693464134993bd0799fe15d43c02a639
                                                                                                                                          • Instruction ID: c153c9d22b3238fa7acf03551e39d21b19a8d8f10594cbebb4fb527ac00f052c
                                                                                                                                          • Opcode Fuzzy Hash: 42ca49524477d1aa4d5faa4c6137bbb8693464134993bd0799fe15d43c02a639
                                                                                                                                          • Instruction Fuzzy Hash: 12115EB66003059FF338DBA9E889A17B3EDFF88310F15490DE54A83651E775F8468B51
                                                                                                                                          APIs
                                                                                                                                          • _memset.LIBCMT ref: 073131DE
                                                                                                                                          • _sprintf.LIBCMT ref: 073131FA
                                                                                                                                          • OutputDebugStringA.KERNEL32(?), ref: 0731320D
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_SetAspect OUT ), ref: 0731324B
                                                                                                                                          Strings
                                                                                                                                          • NdfPlayer_SetAspect OUT , xrefs: 07313236
                                                                                                                                          • NdfPlayer_SetAspect IN :%.3f , xrefs: 073131F4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString$_memset_sprintf
                                                                                                                                          • String ID: NdfPlayer_SetAspect IN :%.3f $NdfPlayer_SetAspect OUT
                                                                                                                                          • API String ID: 1939697985-2645436803
                                                                                                                                          APIs
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@W4ID3_FieldID@@PBD@Z.ID3LIB(00000004,00000005,?), ref: 069A9721
                                                                                                                                          • ?ID3_GetString@@YAPADPBVID3_Frame@@W4ID3_FieldID@@@Z.ID3LIB(00000000,00000002,00000004,00000005,ID3v1 Comment,00000004), ref: 069A9757
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FieldFrame@@$D@@@Find@FrameString@@Tag@@
                                                                                                                                          • String ID: ID3v1 Comment
                                                                                                                                          • API String ID: 737432779-1246727109
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Name::operator+$ArgumentDecorator::getNameName::Typesoperator+
                                                                                                                                          • String ID: throw(
                                                                                                                                          • API String ID: 4203687869-3159766648
                                                                                                                                          APIs
                                                                                                                                          • pthread_getspecific.PTHREADVC2(01BF0578), ref: 06DB3760
                                                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 06DB378C
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,QueueUserAPCEx_Fini), ref: 06DB37AC
                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 06DB37BF
                                                                                                                                          • FreeLibrary.KERNEL32(75900000), ref: 06DB37CB
                                                                                                                                            • Part of subcall function 06DB1380: CloseHandle.KERNEL32(?,00000000), ref: 06DB13BE
                                                                                                                                            • Part of subcall function 06DB1380: pthread_mutex_destroy.PTHREADVC2(?,00000000), ref: 06DB13C5
                                                                                                                                            • Part of subcall function 06DB1380: pthread_mutex_destroy.PTHREADVC2(?,?,00000000), ref: 06DB13CF
                                                                                                                                            • Part of subcall function 06DB1380: CloseHandle.KERNEL32(?,?,?,?,00000000), ref: 06DB13E0
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CloseFreeHandleLibrarypthread_mutex_destroy$AddressProcValuepthread_getspecific
                                                                                                                                          • String ID: QueueUserAPCEx_Fini
                                                                                                                                          • API String ID: 3014517292-1183190490
                                                                                                                                          APIs
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Seek IN ), ref: 0731311D
                                                                                                                                          • #212.CPKERNEL(?,?,?), ref: 0731313D
                                                                                                                                          • #209.CPKERNEL(00000000,?,?,?), ref: 07313147
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Seek OUT ), ref: 07313163
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString$#209#212
                                                                                                                                          • String ID: NdfPlayer_Seek IN $NdfPlayer_Seek OUT
                                                                                                                                          • API String ID: 2797552750-728229483
                                                                                                                                          APIs
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlayer_Pause IN ), ref: 073129FD
                                                                                                                                          • #205.CPKERNEL(00000000), ref: 07312A13
                                                                                                                                          • SDL_PauseAudio.SDL2(00000001), ref: 07312A28
                                                                                                                                          • OutputDebugStringA.KERNEL32 ref: 07312A3F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString$#205AudioPause
                                                                                                                                          • String ID: NdfPlayer_Pause IN $NdfPlayer_Pause OUT
                                                                                                                                          • API String ID: 3332362702-265158116
                                                                                                                                          APIs
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069A5DC3
                                                                                                                                          • ?getString@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBVID3_Frame@@W4ID3_FieldID@@@Z.ID3LIB(?,?,00000005), ref: 069A5DD5
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000004), ref: 069A5E9F
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000A), ref: 069A5F36
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000005), ref: 069A5F60
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002), ref: 069A5F84
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$D@@@$Field$Field@Field@@$Frame$?getD@2@@std@@D@std@@String@v2@id3@dami@@U?$char_traits@V?$allocator@V?$basic_string@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4041803594-0
                                                                                                                                          APIs
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069A6593
                                                                                                                                          • ?getString@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBVID3_Frame@@W4ID3_FieldID@@@Z.ID3LIB(?,?,00000005), ref: 069A65A5
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000054), ref: 069A666D
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000A), ref: 069A6700
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000005), ref: 069A672A
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002), ref: 069A674E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          APIs
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(0000001C,?,?,?,?,?,?,?,?,?,000000FF), ref: 069A6B7E
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000A,0000001C,0000000A), ref: 069A6C0D
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000005), ref: 069A6C36
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000016), ref: 069A6C57
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000017), ref: 069A6C6E
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004), ref: 069A6C88
                                                                                                                                            • Part of subcall function 069C2621: _malloc.LIBCMT ref: 069C263B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          APIs
                                                                                                                                          • ?openWritableFile@dami@@YA?AW4ID3_Err@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_fstream@DU?$char_traits@D@std@@@4@@Z.ID3LIB(?,?,?,?,?), ref: 069B1AD5
                                                                                                                                          • ?getFileSize@dami@@YAIAAV?$basic_fstream@DU?$char_traits@D@std@@@std@@@Z.ID3LIB(?,?,?,?,?,?), ref: 069B1AE1
                                                                                                                                          • ?createFile@dami@@YA?AW4ID3_Err@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_fstream@DU?$char_traits@D@std@@@4@@Z.ID3LIB(?), ref: 069B1B1C
                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 069B1B7F
                                                                                                                                          • ?getFileSize@dami@@YAIAAV?$basic_fstream@DU?$char_traits@D@std@@@std@@@Z.ID3LIB(?), ref: 069B1C19
                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 069B1CA6
                                                                                                                                            • Part of subcall function 0699272A: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,985B77AC,?,?,06991087), ref: 06992735
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          APIs
                                                                                                                                          • GetStringTypeW.KERNEL32(00000001,06DC86B0,00000001,?,7591E860,06DCDEA0,?,?,00000002,00000000,?,?,06DC6968,?), ref: 06DC6D55
                                                                                                                                          • GetStringTypeA.KERNEL32(00000000,00000001,06DC86AC,00000001,?,?,?,06DC6968,?), ref: 06DC6D6F
                                                                                                                                          • GetStringTypeA.KERNEL32(?,?,?,00000000,00000002,7591E860,06DCDEA0,?,?,00000002,00000000,?,?,06DC6968,?), ref: 06DC6DA3
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,06DCDEA1,?,00000000,00000000,00000000,7591E860,06DCDEA0,?,?,00000002,00000000,?,?,06DC6968,?), ref: 06DC6DDB
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 06DC6E31
                                                                                                                                          • GetStringTypeW.KERNEL32(?,?,00000000,?,?,?), ref: 06DC6E43
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          APIs
                                                                                                                                          • GetStringTypeW.KERNEL32(00000001,06DE2598,00000001,?,7591E860,06DE603C,?,?,00000002,00000000,?,?,06DE05DF,?), ref: 06DE0AF1
                                                                                                                                          • GetStringTypeA.KERNEL32(00000000,00000001,06DE2594,00000001,?,?,?,06DE05DF,?), ref: 06DE0B0B
                                                                                                                                          • GetStringTypeA.KERNEL32(?,?,?,00000000,00000002,7591E860,06DE603C,?,?,00000002,00000000,?,?,06DE05DF,?), ref: 06DE0B3F
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,06DE603D,?,00000000,00000000,00000000,7591E860,06DE603C,?,?,00000002,00000000,?,?,06DE05DF,?), ref: 06DE0B77
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 06DE0BCD
                                                                                                                                          • GetStringTypeW.KERNEL32(?,?,00000000,?,?,?), ref: 06DE0BDF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_timedlock.PTHREADVC2(?,?), ref: 06DB3EBC
                                                                                                                                          • pthread_mutex_timedlock.PTHREADVC2(?,?), ref: 06DB3ED1
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB3EE0
                                                                                                                                            • Part of subcall function 06DB38F0: EnterCriticalSection.KERNEL32(06DB8160,?,06DB3BD4,?), ref: 06DB38F8
                                                                                                                                            • Part of subcall function 06DB38F0: pthread_rwlock_init.PTHREADVC2(?,00000000), ref: 06DB390B
                                                                                                                                            • Part of subcall function 06DB38F0: LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB391A
                                                                                                                                          • ptw32_push_cleanup.PTHREADVC2(?,06DB3940,?), ref: 06DB3F26
                                                                                                                                          • pthread_cond_timedwait.PTHREADVC2(?,?,?), ref: 06DB3F38
                                                                                                                                          • ptw32_pop_cleanup.PTHREADVC2(00000000), ref: 06DB3F55
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB3DA7
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB3DBB
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB3DCA
                                                                                                                                            • Part of subcall function 06DB38F0: EnterCriticalSection.KERNEL32(06DB8160,?,06DB3BD4,?), ref: 06DB38F8
                                                                                                                                            • Part of subcall function 06DB38F0: pthread_rwlock_init.PTHREADVC2(?,00000000), ref: 06DB390B
                                                                                                                                            • Part of subcall function 06DB38F0: LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB391A
                                                                                                                                          • ptw32_push_cleanup.PTHREADVC2(?,06DB3940,?), ref: 06DB3E10
                                                                                                                                          • pthread_cond_wait.PTHREADVC2(?,?), ref: 06DB3E1D
                                                                                                                                          • ptw32_pop_cleanup.PTHREADVC2(00000000), ref: 06DB3E3A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSectionpthread_mutex_lock$EnterLeavepthread_cond_waitpthread_mutex_unlockpthread_rwlock_initptw32_pop_cleanupptw32_push_cleanup
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 707912094-0
                                                                                                                                          • Opcode ID: 76941c8f7f13adb197fcc6758b85d7b4f07b5ccdfc218ab3b992a4e59dec970f
                                                                                                                                          • Instruction ID: a0625cfcabe7eec4255301b17de208300c8e17189277a4436e183410ac58cd38
                                                                                                                                          • Opcode Fuzzy Hash: 76941c8f7f13adb197fcc6758b85d7b4f07b5ccdfc218ab3b992a4e59dec970f
                                                                                                                                          • Instruction Fuzzy Hash: E321A976E00701D7D6B09B25BC416EB73E8DF84960B461A39DD67C3708E725F90C97A2
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_trylock.PTHREADVC2(?), ref: 06DB4124
                                                                                                                                          • pthread_mutex_trylock.PTHREADVC2(?), ref: 06DB4138
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB4147
                                                                                                                                            • Part of subcall function 06DB38F0: EnterCriticalSection.KERNEL32(06DB8160,?,06DB3BD4,?), ref: 06DB38F8
                                                                                                                                            • Part of subcall function 06DB38F0: pthread_rwlock_init.PTHREADVC2(?,00000000), ref: 06DB390B
                                                                                                                                            • Part of subcall function 06DB38F0: LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB391A
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB417E
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB418D
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB419B
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$CriticalSectionpthread_mutex_trylock$EnterExchangeInterlockedLeavepthread_rwlock_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 942081579-0
                                                                                                                                          • Opcode ID: 2c78ef0b46a2a6ff6848ed4ed21944674afd7cdbe0c4382aac00cc5b1f0b0263
                                                                                                                                          • Instruction ID: 126c2daf02da05f5a3178ede8eda73b8e4c38fef02b8658a1de7ad53763bb5b5
                                                                                                                                          • Opcode Fuzzy Hash: 2c78ef0b46a2a6ff6848ed4ed21944674afd7cdbe0c4382aac00cc5b1f0b0263
                                                                                                                                          • Instruction Fuzzy Hash: 7721C1B6F0061087D6B0DB2DAD406DB63E4DB902E1B1D1939E927C730EEB21E82493A1
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,?,?,?,06DB1B97,?,?), ref: 06DB4AD7
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB4AF0
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • ReleaseSemaphore.KERNEL32(00000000,?,00000000), ref: 06DB4B26
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB4B47
                                                                                                                                          • _errno.MSVCRT ref: 06DB4B53
                                                                                                                                          • _errno.MSVCRT ref: 06DB4B68
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _errnopthread_mutex_unlock$ExchangeInterlockedReleaseSemaphorepthread_mutex_lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 626336619-0
                                                                                                                                          • Opcode ID: 10f76fed56ddbd5d3a6c353a62d5765fb5e067c1386603a0572817a508f8f432
                                                                                                                                          • Instruction ID: 29ecbbd27c13df8f48cda70dd95957f78bf66aba16602de48215b12aee77af2b
                                                                                                                                          • Opcode Fuzzy Hash: 10f76fed56ddbd5d3a6c353a62d5765fb5e067c1386603a0572817a508f8f432
                                                                                                                                          • Instruction Fuzzy Hash: 9221AC72B04205CBDB50DFADAC8479AB3D9EB84231F182A3AE766C7389DB31D8049751
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_timedlock.PTHREADVC2(?,?), ref: 06DB3CC9
                                                                                                                                          • pthread_mutex_timedlock.PTHREADVC2(?,?), ref: 06DB3CEA
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB3D04
                                                                                                                                            • Part of subcall function 06DB38F0: EnterCriticalSection.KERNEL32(06DB8160,?,06DB3BD4,?), ref: 06DB38F8
                                                                                                                                            • Part of subcall function 06DB38F0: pthread_rwlock_init.PTHREADVC2(?,00000000), ref: 06DB390B
                                                                                                                                            • Part of subcall function 06DB38F0: LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB391A
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2 ref: 06DB3D25
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB3D34
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB3D43
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$CriticalSectionpthread_mutex_timedlock$EnterExchangeInterlockedLeavepthread_rwlock_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2249298169-0
                                                                                                                                          • Opcode ID: 5c5469fe4c8500c98d0416e0eef77cd9ebe17cd0a61ec6f2bee362e77ac9c64d
                                                                                                                                          • Instruction ID: 046c4ccf2328c77216a794bb141b1c82049c3319c2667034f9f214942fafed91
                                                                                                                                          • Opcode Fuzzy Hash: 5c5469fe4c8500c98d0416e0eef77cd9ebe17cd0a61ec6f2bee362e77ac9c64d
                                                                                                                                          • Instruction Fuzzy Hash: 30210BB2E04610CBDAB05B58BC805DBB3E8DFC0A31B16553DE967C6204D724E819A6B2
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB3BF0
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB3C10
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB3C1F
                                                                                                                                            • Part of subcall function 06DB38F0: EnterCriticalSection.KERNEL32(06DB8160,?,06DB3BD4,?), ref: 06DB38F8
                                                                                                                                            • Part of subcall function 06DB38F0: pthread_rwlock_init.PTHREADVC2(?,00000000), ref: 06DB390B
                                                                                                                                            • Part of subcall function 06DB38F0: LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB391A
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2 ref: 06DB3C40
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?), ref: 06DB3C4F
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB3C5E
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$CriticalSectionpthread_mutex_lock$EnterExchangeInterlockedLeavepthread_rwlock_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3719208998-0
                                                                                                                                          • Opcode ID: c927d135a830e7d5bf0f1b80c0d356d744015613d20c2093fd2d666cf48b9e9a
                                                                                                                                          • Instruction ID: 1f29e1427564b8ab1edece839332e480ebbacb9ab3416760deb003f55c9572b8
                                                                                                                                          • Opcode Fuzzy Hash: c927d135a830e7d5bf0f1b80c0d356d744015613d20c2093fd2d666cf48b9e9a
                                                                                                                                          • Instruction Fuzzy Hash: D71129B6F00720CBD6A05BADAC809DFA3D4DF80531B161539E96BC3308E735E419A2A3
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_trylock.PTHREADVC2(?), ref: 06DB4050
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB4070
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB407F
                                                                                                                                            • Part of subcall function 06DB38F0: EnterCriticalSection.KERNEL32(06DB8160,?,06DB3BD4,?), ref: 06DB38F8
                                                                                                                                            • Part of subcall function 06DB38F0: pthread_rwlock_init.PTHREADVC2(?,00000000), ref: 06DB390B
                                                                                                                                            • Part of subcall function 06DB38F0: LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB391A
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2 ref: 06DB40A0
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?), ref: 06DB40AF
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB40BE
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$CriticalSection$EnterExchangeInterlockedLeavepthread_mutex_lockpthread_mutex_trylockpthread_rwlock_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 247686806-0
                                                                                                                                          • Opcode ID: 32926426fc5634f5d82ff9e1e83358fdac472ba3d483583f0eade4f4814df8b2
                                                                                                                                          • Instruction ID: a1441155b49019bd2978768263f83d31abe1699e5af7f58073b5b2b828171652
                                                                                                                                          • Opcode Fuzzy Hash: 32926426fc5634f5d82ff9e1e83358fdac472ba3d483583f0eade4f4814df8b2
                                                                                                                                          • Instruction Fuzzy Hash: C9110AB2E00610CBD6B09B6EAC806DB63D4DF50135F141639E927C338BDB25E40596B3
                                                                                                                                          APIs
                                                                                                                                          • pthread_self.PTHREADVC2(-00000001,?,?,?,06DB4870,?,?,?,?), ref: 06DB2CC2
                                                                                                                                            • Part of subcall function 06DB2A40: pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000001,-00000001,00000000,?), ref: 06DB2CFF
                                                                                                                                          • ResetEvent.KERNEL32(00000000), ref: 06DB2D2D
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(00000030), ref: 06DB2D3B
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030,?,?,?,06DB4870), ref: 06DB2D5A
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030,?,?,?,06DB4870,?,?,?,?), ref: 06DB2D6A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$EventMultipleObjectsResetWaitpthread_getspecificpthread_mutex_lockpthread_self
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1621130096-0
                                                                                                                                          • Opcode ID: 45c444aef43ec344f0339f9dec63601af89b2e7dd32d51160aaf948c21496393
                                                                                                                                          • Instruction ID: 1c55cd8601809a65ff4025a8c35d1903135cbf2902c66e2ff5abd135c8297ba6
                                                                                                                                          • Opcode Fuzzy Hash: 45c444aef43ec344f0339f9dec63601af89b2e7dd32d51160aaf948c21496393
                                                                                                                                          • Instruction Fuzzy Hash: 1221A472A05610DBE3A0AF2DED457BBB7E4FF80B10F44592DE49687244E234E6048792
                                                                                                                                          APIs
                                                                                                                                          • _errno.MSVCRT ref: 06DB4A14
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(00000004,?,00000000,00000000,00000010,06DB22D6,00000010), ref: 06DB4A28
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000004,00000010), ref: 06DB4A3D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _errnopthread_mutex_lockpthread_mutex_unlock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1639020901-0
                                                                                                                                          • Opcode ID: 27026621dd0111698e1a9c43f7b3ce14a0aece0cf713349bf9c52fdb88f817c9
                                                                                                                                          • Instruction ID: 2a32f6369998596e03e933b91e26c548626d342f9d9186f77cf7d1bc903ead4c
                                                                                                                                          • Opcode Fuzzy Hash: 27026621dd0111698e1a9c43f7b3ce14a0aece0cf713349bf9c52fdb88f817c9
                                                                                                                                          • Instruction Fuzzy Hash: 8811E277604204DBD7A08B69AC40BC773D8EB80276F252635E66BC7389D731D4449BA0
                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB80E0), ref: 06DB4FE8
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB80E0), ref: 06DB5019
                                                                                                                                          • pthread_self.PTHREADVC2 ref: 06DB5023
                                                                                                                                          • pthread_equal.PTHREADVC2(00000000,?,?,?), ref: 06DB5039
                                                                                                                                          • pthreadCancelableWait.PTHREADVC2(?), ref: 06DB5052
                                                                                                                                          • pthread_detach.PTHREADVC2(?,?), ref: 06DB506D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$CancelableEnterLeaveWaitpthreadpthread_detachpthread_equalpthread_self
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3376135807-0
                                                                                                                                          • Opcode ID: 0e7453376b9273cc27868b0391bea1c87970731d2df1f6d3e1d95ada99f4d480
                                                                                                                                          • Instruction ID: bb55bc4e127fdcd0f238196198ab094dcab24b6dce0eb97b4616bcca187134e8
                                                                                                                                          • Opcode Fuzzy Hash: 0e7453376b9273cc27868b0391bea1c87970731d2df1f6d3e1d95ada99f4d480
                                                                                                                                          • Instruction Fuzzy Hash: B711A3B7F00211EBD6A0AE5BFC84EAA63ACDBC46A6F041166F956C7209D311EC0496F1
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemovePictures@@YAIPAVID3_Tag@@@Z.ID3LIB(?,?,?,?,?,?,6E79B076,?,?,?,069F736B,000000FF), ref: 069AAB38
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000002,?,?,?,?,?,6E79B076,?,?,?,069F736B,000000FF), ref: 069AAB46
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,000000FF), ref: 069AAB6D
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004,?,?,?,?,?,?,000000FF), ref: 069AAB88
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000D,?,?,?,?,?,?,000000FF), ref: 069AAB9F
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,000000FF), ref: 069AABB5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@@@Frame@@$FieldField@Field@@FrameTag@@$AttachFind@Frame@Frame@@@Pictures@@RemoveTag@@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2581498280-0
                                                                                                                                          • Opcode ID: 5e76873c26e6e80c902751781eefe7ad88d55288d695a965063055ec5b3c53f3
                                                                                                                                          • Instruction ID: 99c255025a0f8e6e79fca91fb39c42f62105b90e1e6337891f27e05bc0efcb77
                                                                                                                                          • Opcode Fuzzy Hash: 5e76873c26e6e80c902751781eefe7ad88d55288d695a965063055ec5b3c53f3
                                                                                                                                          • Instruction Fuzzy Hash: 6621D471B08311ABDB84DB689840B3FB3D6ABC8A10F10461DE9169B7C0DA74DD01C7E2
                                                                                                                                          APIs
                                                                                                                                          • sched_get_priority_min.PTHREADVC2(06DB2875,00000000,00000000,06DB2875,00000000,?,00000000,?), ref: 06DB438F
                                                                                                                                          • sched_get_priority_max.PTHREADVC2(06DB2875,?), ref: 06DB43A0
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,00000000,00000000,?,?), ref: 06DB43DC
                                                                                                                                          • SetThreadPriority.KERNEL32(?,?,00000000,?,?), ref: 06DB43F3
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?), ref: 06DB4403
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?), ref: 06DB4416
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$PriorityThreadpthread_mutex_locksched_get_priority_maxsched_get_priority_min
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3560268452-0
                                                                                                                                          • Opcode ID: bff2cbbfddd73d82bdba8379ede433f91f7350577205c28b8679db1eef51dda3
                                                                                                                                          • Instruction ID: a634ce8df2bebda93e39314854b1cb4ce0d6a94ecdc1cd777b225372fc2bfa29
                                                                                                                                          • Opcode Fuzzy Hash: bff2cbbfddd73d82bdba8379ede433f91f7350577205c28b8679db1eef51dda3
                                                                                                                                          • Instruction Fuzzy Hash: 3011E673904214DAD690AE1D7C800DBF3D8EB84134F051236E9679334AE671E82546E3
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_destroy.PTHREADVC2(?), ref: 06DB4D79
                                                                                                                                            • Part of subcall function 06DB2F00: pthread_mutex_trylock.PTHREADVC2(00000000,00000004,00000000,06DB4631,00000004), ref: 06DB2F1C
                                                                                                                                          • free.MSVCRT ref: 06DB4D8E
                                                                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000000,00000001), ref: 06DB4DA2
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8140), ref: 06DB4DBD
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8140), ref: 06DB4DD3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$CompareEnterExchangeInterlockedLeavefreepthread_mutex_destroypthread_mutex_trylock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3182690364-0
                                                                                                                                          • Opcode ID: 5d1d9a42680f693d3b0c0759b54caf6ff6c0381f520dbb2327826b7122d5ea1e
                                                                                                                                          • Instruction ID: a8ffb54b1f5690694a6c7e4042a21cd82e402955ae07b6d4b2782d0d57203639
                                                                                                                                          • Opcode Fuzzy Hash: 5d1d9a42680f693d3b0c0759b54caf6ff6c0381f520dbb2327826b7122d5ea1e
                                                                                                                                          • Instruction Fuzzy Hash: CF118272B02211DBD7A05F9EBC847C6F799EF84737F181136F612C628DD3A1C8149691
                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB80E0), ref: 06DB4F30
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB4F60
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB4F78
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB80E0), ref: 06DB4FA0
                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 06DB4FB8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeaveObjectSingleWaitpthread_mutex_lockpthread_mutex_unlock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3841329263-0
                                                                                                                                          • Opcode ID: 5f62f099fc621345b31c4779633dd7193f8c2c494c569ef44cea3221169fe6d5
                                                                                                                                          • Instruction ID: 6bd6e03f7de2c26f2c3d7865f5493821e52bcec9eb0d18fba1ceb49fe78fc666
                                                                                                                                          • Opcode Fuzzy Hash: 5f62f099fc621345b31c4779633dd7193f8c2c494c569ef44cea3221169fe6d5
                                                                                                                                          • Instruction Fuzzy Hash: 9D11B671A04301DFD3A0DF56DD809AB77E9FB88251B10291DF55B8374EE731E8048762
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _errno$pthread_mutex_lockpthread_mutex_unlock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 13973360-0
                                                                                                                                          • Opcode ID: 79d7b901482f45f86a5dd3de29318c51b74184a5841bf8087cd8b1a2275267b7
                                                                                                                                          • Instruction ID: a659ea4149cbb8d5fdb5642d2d32862f41f2759838dcddf529caafa4320de7fd
                                                                                                                                          • Opcode Fuzzy Hash: 79d7b901482f45f86a5dd3de29318c51b74184a5841bf8087cd8b1a2275267b7
                                                                                                                                          • Instruction Fuzzy Hash: 0C01A1B7A00204DBD7A09B6EBC4029B73E4EF81272F156636E626C7389D771D44496A1
                                                                                                                                          APIs
                                                                                                                                          • pthread_self.PTHREADVC2 ref: 06DB1CC5
                                                                                                                                            • Part of subcall function 06DB2A40: pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(00000030), ref: 06DB1CE6
                                                                                                                                          • WaitForSingleObject.KERNEL32(?,?), ref: 06DB1D0E
                                                                                                                                          • ResetEvent.KERNEL32(?,?,?,?,?,?,?,?), ref: 06DB1D2A
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030,?,?,?,?,?,?,?,?), ref: 06DB1D31
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB1D41
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$EventObjectResetSingleWaitpthread_getspecificpthread_mutex_lockpthread_self
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1031770717-0
                                                                                                                                          • Opcode ID: a798f532a4aaec02b6adb73ce19801767bc7984411b90ac77919b01280c9f621
                                                                                                                                          • Instruction ID: ea8238d00f3471dd66a2261105e5cc7e4e51dc61c6bdf024204b11e81c67419a
                                                                                                                                          • Opcode Fuzzy Hash: a798f532a4aaec02b6adb73ce19801767bc7984411b90ac77919b01280c9f621
                                                                                                                                          • Instruction Fuzzy Hash: 871173B1A00700CBD3A0AB59ADD06AB73A8FF84A05F44242CE94796704D775F4089BA2
                                                                                                                                          APIs
                                                                                                                                          • pthread_self.PTHREADVC2 ref: 06DB1C25
                                                                                                                                            • Part of subcall function 06DB2A40: pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(00000030), ref: 06DB1C46
                                                                                                                                          • WaitForSingleObject.KERNEL32(?,?), ref: 06DB1C6E
                                                                                                                                          • ResetEvent.KERNEL32(?,?,?,?,?,?,?,?), ref: 06DB1C8A
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030,?,?,?,?,?,?,?,?), ref: 06DB1C91
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB1CA1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$EventObjectResetSingleWaitpthread_getspecificpthread_mutex_lockpthread_self
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1031770717-0
                                                                                                                                          • Opcode ID: fb90c08347f4894a592873862bebafdbff910da76218d97c9a1c674e993da092
                                                                                                                                          • Instruction ID: aece4030d0443a04d6016faf1753579cadebd0770f7696fda152c1455e20abf0
                                                                                                                                          • Opcode Fuzzy Hash: fb90c08347f4894a592873862bebafdbff910da76218d97c9a1c674e993da092
                                                                                                                                          • Instruction Fuzzy Hash: 85118671A11700CBC7E0AF29DD91B97B7E8BF80A50F44242CD54787708E635F4189BA1
                                                                                                                                          APIs
                                                                                                                                          • VirtualFree.KERNEL32(0000000C,00100000,00004000,?,?,?,?,06DC36E4,06DC3738,?,?,?), ref: 06DC39ED
                                                                                                                                          • VirtualFree.KERNEL32(0000000C,00000000,00008000,?,?,?,?,06DC36E4,06DC3738,?,?,?), ref: 06DC39F8
                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,?,06DC36E4,06DC3738,?,?,?), ref: 06DC3A05
                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,06DC36E4,06DC3738,?,?,?), ref: 06DC3A21
                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,06DC36E4,06DC3738,?,?,?), ref: 06DC3A42
                                                                                                                                          • HeapDestroy.KERNEL32(?,?,06DC36E4,06DC3738,?,?,?), ref: 06DC3A54
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Free$HeapVirtual$Destroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 716807051-0
                                                                                                                                          • Opcode ID: 0e30658bfa532c391527b14de4b79c0f25d34af50bec1a396436644e2941a474
                                                                                                                                          • Instruction ID: 9f273997a747c1b4952f925ef48434b3c8ad5e7831444cececd29d1bd1be1e78
                                                                                                                                          • Opcode Fuzzy Hash: 0e30658bfa532c391527b14de4b79c0f25d34af50bec1a396436644e2941a474
                                                                                                                                          • Instruction Fuzzy Hash: F011ED7168020FABDA718F11EC86F01B762FB80770F228018F785A32A0C636EC10EB54
                                                                                                                                          APIs
                                                                                                                                          • VirtualFree.KERNEL32(?,00100000,00004000,?,?,?,?,06DDC261,06DDC2B5,?,?,?), ref: 06DDC56A
                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,06DDC261,06DDC2B5,?,?,?), ref: 06DDC575
                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,?,06DDC261,06DDC2B5,?,?,?), ref: 06DDC582
                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,06DDC261,06DDC2B5,?,?,?), ref: 06DDC59E
                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,06DDC261,06DDC2B5,?,?,?), ref: 06DDC5BF
                                                                                                                                          • HeapDestroy.KERNEL32(?,?,06DDC261,06DDC2B5,?,?,?), ref: 06DDC5D1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Free$HeapVirtual$Destroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 716807051-0
                                                                                                                                          • Opcode ID: b2e099e0f5d7c8b6f8b646667930c1d7572c85d9facdc687ac6d33219c52106d
                                                                                                                                          • Instruction ID: 8a29aabb3cbd82040ab82a9511df2ef844fe8fbe1afabbdddf63084e45e7d3f0
                                                                                                                                          • Opcode Fuzzy Hash: b2e099e0f5d7c8b6f8b646667930c1d7572c85d9facdc687ac6d33219c52106d
                                                                                                                                          • Instruction Fuzzy Hash: 9511AD32610200ABDBF1BF55EC81F2577ABF740720F210454FB50AB290C6A2BD11CF68
                                                                                                                                          APIs
                                                                                                                                          • _errno.MSVCRT ref: 06DB1604
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?,?,?,?,?,06DB1BA6,?), ref: 06DB1618
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB162D
                                                                                                                                          • _errno.MSVCRT ref: 06DB1635
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _errno$pthread_mutex_lockpthread_mutex_unlock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 13973360-0
                                                                                                                                          • Opcode ID: 9d1fbea0866d4e68f56eb588915db4f9e6df22844081b2830655525103677982
                                                                                                                                          • Instruction ID: ee90f459a18e3fd371df55a39d0d809c4df86f8a81e1deddf62d966f674a17a0
                                                                                                                                          • Opcode Fuzzy Hash: 9d1fbea0866d4e68f56eb588915db4f9e6df22844081b2830655525103677982
                                                                                                                                          • Instruction Fuzzy Hash: E301D4B2604204DBDB605FAABCC46DB73A8EF85331F04573AE62687384DB31E44496A1
                                                                                                                                          APIs
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@W4ID3_FieldID@@PBD@Z.ID3LIB(0000001C,0000000A,?), ref: 069AA252
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@W4ID3_FieldID@@PBD@Z.ID3LIB(0000001C,00000005,?), ref: 069AA266
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000016,0000001C), ref: 069AA280
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000017), ref: 069AA298
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004), ref: 069AA2B0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FieldFrame@@$D@@@Field@Field@@$Find@FrameTag@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2185247572-0
                                                                                                                                          APIs
                                                                                                                                          • __getptd.LIBCMT ref: 069C74CE
                                                                                                                                            • Part of subcall function 069CA1D0: __getptd_noexit.LIBCMT ref: 069CA1D3
                                                                                                                                            • Part of subcall function 069CA1D0: __amsg_exit.LIBCMT ref: 069CA1E0
                                                                                                                                          • __calloc_crt.LIBCMT ref: 069C74D9
                                                                                                                                            • Part of subcall function 069C6ABA: __calloc_impl.LIBCMT ref: 069C6ACB
                                                                                                                                            • Part of subcall function 069C6ABA: Sleep.KERNEL32(00000000), ref: 069C6AE2
                                                                                                                                          • __lock.LIBCMT ref: 069C750F
                                                                                                                                          • ___addlocaleref.LIBCMT ref: 069C751B
                                                                                                                                          • __lock.LIBCMT ref: 069C752F
                                                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 069C753F
                                                                                                                                            • Part of subcall function 069CABDC: __getptd_noexit.LIBCMT ref: 069CABDC
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__getptd
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3538106438-0
                                                                                                                                          APIs
                                                                                                                                          • pthread_self.PTHREADVC2 ref: 06DB1D64
                                                                                                                                            • Part of subcall function 06DB2A40: pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(00000030), ref: 06DB1D80
                                                                                                                                          • ResetEvent.KERNEL32(?), ref: 06DB1D94
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?,?,?,?,?,?,00000030,00000030), ref: 06DB1DAF
                                                                                                                                            • Part of subcall function 06DB3360: pthread_self.PTHREADVC2(?,?,06DB52BC,?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB338A
                                                                                                                                            • Part of subcall function 06DB3360: pthread_equal.PTHREADVC2(?,?,00000000,?,?,?,06DB52BC,?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB3399
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB33B9
                                                                                                                                            • Part of subcall function 06DB3360: SetEvent.KERNEL32(?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB33C7
                                                                                                                                            • Part of subcall function 06DB1710: pthread_getspecific.PTHREADVC2(01BF0578,?,00000000,06DB1C9D,00000002,00000030,?,?,?,?,?,?,?,?), ref: 06DB1718
                                                                                                                                            • Part of subcall function 06DB1710: exit.MSVCRT ref: 06DB1732
                                                                                                                                            • Part of subcall function 06DB1710: _endthreadex.MSVCRT(?), ref: 06DB1758
                                                                                                                                            • Part of subcall function 06DB1710: longjmp.MSVCRT(-00000040,?), ref: 06DB1770
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB1DA2
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB1DBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$EventExchangeInterlockedpthread_getspecificpthread_self$Reset_endthreadexexitlongjmppthread_equalpthread_mutex_lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3306872268-0
                                                                                                                                          APIs
                                                                                                                                          • ?readText@io@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVID3_Reader@@IH@Z.ID3LIB(?,?,00000003,00000000), ref: 069B3BAE
                                                                                                                                          • ?readText@io@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVID3_Reader@@IH@Z.ID3LIB ref: 069B3BC4
                                                                                                                                          • ?readText@io@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVID3_Reader@@IH@Z.ID3LIB(?,?,00000004,00000000), ref: 069B3BE6
                                                                                                                                          • ?readUInt28@io@dami@@YAIAAVID3_Reader@@@Z.ID3LIB(?,00000003,00000002,00000001,00000000,?,ID3,069FE589), ref: 069B3CDD
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?read$D@2@@std@@D@std@@Reader@@Text@io@dami@@U?$char_traits@V?$allocator@V?$basic_string@$Int28@io@dami@@Reader@@@
                                                                                                                                          • String ID: ID3
                                                                                                                                          • API String ID: 2382135741-2882503754
                                                                                                                                          APIs
                                                                                                                                          • ?setWindow@WindowedReader@io@dami@@QAEXII@Z.ID3LIB(00000000), ref: 069B4FF2
                                                                                                                                          • ?setWindow@WindowedReader@io@dami@@QAEXII@Z.ID3LIB(00000000), ref: 069B5052
                                                                                                                                          • ?readAllBinary@io@dami@@YA?AV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@AAVID3_Reader@@@Z.ID3LIB(?,069FE178,00000001,?,00000000), ref: 069B50AC
                                                                                                                                          • ?readAllBinary@io@dami@@YA?AV?$basic_string@EU?$char_traits@E@std@@V?$allocator@E@2@@std@@AAVID3_Reader@@@Z.ID3LIB(?,069FE240,?,069FE178,00000001,?,00000000), ref: 069B50EF
                                                                                                                                            • Part of subcall function 06991050: ?getAlbum@v2@id3@dami@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVID3_TagImpl@@@Z.ID3LIB ref: 06991065
                                                                                                                                            • Part of subcall function 06991050: ?getCur@ID3_MemoryWriter@@UAEIXZ.ID3LIB(?), ref: 06991079
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: U?$char_traits@V?$allocator@V?$basic_string@$?get?read?setBinary@io@dami@@E@2@@std@@E@std@@Reader@@@Reader@io@dami@@Window@Windowed$Album@v2@id3@dami@@Cur@D@2@@std@@D@std@@Impl@@@MemoryWriter@@
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 3641780380-2766056989
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32$mscoree$ntdll
                                                                                                                                          • API String ID: 495049384-3596425917
                                                                                                                                          APIs
                                                                                                                                          • GetVersionExA.KERNEL32 ref: 06DC382F
                                                                                                                                          • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 06DC3864
                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 06DC38C4
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                          • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                          • API String ID: 1385375860-4131005785
                                                                                                                                          APIs
                                                                                                                                          • GetVersionExA.KERNEL32 ref: 06DDC3AC
                                                                                                                                          • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 06DDC3E1
                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 06DDC441
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                          • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                          • API String ID: 1385375860-4131005785
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _fgetc$_ungetc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1266601628-0
                                                                                                                                          APIs
                                                                                                                                          • GetVersion.KERNEL32(6E79B076,?,?,?,?,?,?,069F89A8,000000FF), ref: 069BB98F
                                                                                                                                          • GetFileAttributesW.KERNEL32(00000000), ref: 069BB9B8
                                                                                                                                          • GetVersion.KERNEL32(?,00000000), ref: 069BBA87
                                                                                                                                          • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 069BBABA
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 069BBAC6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileVersion$AttributesCloseCreateHandle
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2868311566-0
                                                                                                                                          APIs
                                                                                                                                          • GetVersion.KERNEL32(6E79B076,?,?,?,?,?,?,069F89D8,000000FF), ref: 069BBC3F
                                                                                                                                          • GetFileAttributesW.KERNEL32(00000000), ref: 069BBC68
                                                                                                                                          • GetVersion.KERNEL32 ref: 069BBD37
                                                                                                                                          • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 069BBD6A
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 069BBD76
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileVersion$AttributesCloseCreateHandle
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2868311566-0
                                                                                                                                          APIs
                                                                                                                                          • GetStartupInfoA.KERNEL32(?), ref: 06DC4EB8
                                                                                                                                          • GetFileType.KERNEL32(00000480), ref: 06DC4F63
                                                                                                                                          • GetStdHandle.KERNEL32(-000000F6), ref: 06DC4FC6
                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 06DC4FD4
                                                                                                                                          • SetHandleCount.KERNEL32 ref: 06DC500B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileHandleType$CountInfoStartup
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1710529072-0
                                                                                                                                          APIs
                                                                                                                                          • GetStartupInfoA.KERNEL32(?), ref: 06DDE390
                                                                                                                                          • GetFileType.KERNEL32(00000480), ref: 06DDE43B
                                                                                                                                          • GetStdHandle.KERNEL32(-000000F6), ref: 06DDE49E
                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 06DDE4AC
                                                                                                                                          • SetHandleCount.KERNEL32 ref: 06DDE4E3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileHandleType$CountInfoStartup
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1710529072-0
                                                                                                                                          • Opcode ID: 84afd69e4189a1135f4826737d73211aacdae89806513a1a1c2637040ec23660
                                                                                                                                          • Instruction ID: a296d77e42456118474611a33678f5718b184b4ebc6badaafad318a6eb77663d
                                                                                                                                          • Opcode Fuzzy Hash: 84afd69e4189a1135f4826737d73211aacdae89806513a1a1c2637040ec23660
                                                                                                                                          • Instruction Fuzzy Hash: 155115729002418FD7A0FB78C8887697BE5FB1A328F19866CD6A69F3D0D770D905C7A1
                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 06997F47
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 06997F5E
                                                                                                                                            • Part of subcall function 069C2621: _malloc.LIBCMT ref: 069C263B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4063778783-0
                                                                                                                                          • Opcode ID: e57f4e5408d9e716b5b1632f1d1e46415ed42ba7bf67bb26b9e0b429e31d66d1
                                                                                                                                          • Instruction ID: 95264e8926df8ece18c1bc19115239383e2ed6719d670463ec7e52b379db6d45
                                                                                                                                          • Opcode Fuzzy Hash: e57f4e5408d9e716b5b1632f1d1e46415ed42ba7bf67bb26b9e0b429e31d66d1
                                                                                                                                          • Instruction Fuzzy Hash: F411B2B15183016AD7C8EF689A45A2FB7D4AFD4620F504A1DF56A82580EB70DA1CC763
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: calloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2635317215-0
                                                                                                                                          • Opcode ID: 4effb7120e6c7955340b35d622e7895d788b6c170954e58636c711f0eaa7726a
                                                                                                                                          • Instruction ID: 75e4a6098b31a2fa907abbd8f74f814527d14916aeab0cfd950bbdef8f7b163a
                                                                                                                                          • Opcode Fuzzy Hash: 4effb7120e6c7955340b35d622e7895d788b6c170954e58636c711f0eaa7726a
                                                                                                                                          • Instruction Fuzzy Hash: 27219CB3A053058BD760DF4ABC406EAB3D5EBC0666F20092EF946C7249EB72D5498791
                                                                                                                                          APIs
                                                                                                                                          • SDL_DestroyTexture.SDL2(?,00000002,?,75919350,?,00000000), ref: 073113EB
                                                                                                                                          • #305.CPKERNEL(?,?,?,?,00000000,00000002,?,75919350,?,00000000), ref: 07311458
                                                                                                                                          • SDL_CreateTexture.SDL2(00000000,16362004,00000000,?,?,?,?,00000002,?,75919350,?,00000000), ref: 0731149C
                                                                                                                                          • SDL_UpdateTexture.SDL2(?,00000000,?,?,?,?,00000002,?,75919350,?,00000000), ref: 073114C4
                                                                                                                                          • SDL_SetTextureBlendMode.SDL2(?,00000001,?,00000000,?,?,?,?,00000002,?,75919350,?,00000000), ref: 073114D2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Texture$#305BlendCreateDestroyModeUpdate
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3775255488-0
                                                                                                                                          • Opcode ID: d13b20d7ac4a4a00f952babb73a026919c6395f8220d63f4a32d096f470fbcbc
                                                                                                                                          • Instruction ID: a75ff1842557e00a6d6ebe6b90701720f57b1289d26bfeda3a674cfa55a6089f
                                                                                                                                          • Opcode Fuzzy Hash: d13b20d7ac4a4a00f952babb73a026919c6395f8220d63f4a32d096f470fbcbc
                                                                                                                                          • Instruction Fuzzy Hash: F63161F19007159BE724DE19C8809E7F3F9EBC4610F54892DFAAE93205E730A845CBA6
                                                                                                                                          APIs
                                                                                                                                          • GetConsoleCP.KERNEL32(00000200,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 069AC3CE
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000), ref: 069AC3D1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharConsoleMultiWide
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 277923484-0
                                                                                                                                          • Opcode ID: 4e4c76d62536301329a95b50406b84b32bc76fd50bbdf7bcefc56d3483101fe6
                                                                                                                                          • Instruction ID: da230a1675f1a276d687508d679990cc01ad825615d1f5edb5f486e4b657a69a
                                                                                                                                          • Opcode Fuzzy Hash: 4e4c76d62536301329a95b50406b84b32bc76fd50bbdf7bcefc56d3483101fe6
                                                                                                                                          • Instruction Fuzzy Hash: EE11CA73B8831537E6B071BC7C45F7B739C87C2A71F204639F6109A5C4E955984182A6
                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 07311290
                                                                                                                                          • _malloc.LIBCMT ref: 073112E0
                                                                                                                                          • _memset.LIBCMT ref: 073112F2
                                                                                                                                          • _malloc.LIBCMT ref: 0731131C
                                                                                                                                          • LeaveCriticalSection.KERNEL32 ref: 07311354
                                                                                                                                            • Part of subcall function 07313D59: __lock.LIBCMT ref: 07313D77
                                                                                                                                            • Part of subcall function 07313D59: ___sbh_find_block.LIBCMT ref: 07313D82
                                                                                                                                            • Part of subcall function 07313D59: ___sbh_free_block.LIBCMT ref: 07313D91
                                                                                                                                            • Part of subcall function 07313D59: HeapFree.KERNEL32(00000000,00000214,07322450,0000000C,07314986,00000000,073224B0,0000000C,073149C0,00000214,-0000000E,?,0731BAE6,00000004,073226C0,0000000C), ref: 07313DC1
                                                                                                                                            • Part of subcall function 07313D59: GetLastError.KERNEL32(?,0731BAE6,00000004,073226C0,0000000C,07318589,00000214,00000001,00000000,00000000,00000000,?,07317EC8,00000001,00000214), ref: 07313DD2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection_malloc$EnterErrorFreeHeapLastLeave___sbh_find_block___sbh_free_block__lock_memset
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 510143637-0
                                                                                                                                          • Opcode ID: b4f872b4323f8eb76f62d8454a866d1bdc4a9b08702267f6396f42a449e39bde
                                                                                                                                          • Instruction ID: cdfe1e2833db2ff7aadf45797c47418e8e6fc907130151dd136817acf75d5baf
                                                                                                                                          • Opcode Fuzzy Hash: b4f872b4323f8eb76f62d8454a866d1bdc4a9b08702267f6396f42a449e39bde
                                                                                                                                          • Instruction Fuzzy Hash: 822180F1A00209CFFB28DF65D8C1B9B77A9AB84710F144559EA0D9B206E631E945CBA1
                                                                                                                                          APIs
                                                                                                                                          • ?GetUnsync@ID3_Tag@@QBE_NXZ.ID3LIB(6E79B076,?,?,?,?,069F7E3B,000000FF), ref: 069B4930
                                                                                                                                          • ?GetExtendedHeader@ID3_Tag@@QBE_NXZ.ID3LIB(?,6E79B076,?,?,?,?,069F7E3B,000000FF), ref: 069B4942
                                                                                                                                          • ?GetExperimental@ID3_Tag@@QBE_NXZ.ID3LIB(?,?,6E79B076,?,?,?,?,069F7E3B,000000FF), ref: 069B4954
                                                                                                                                          • ?CreateIterator@ID3_Tag@@QBEPAVConstIterator@1@XZ.ID3LIB(?,?,?,6E79B076,?,?,?,?,069F7E3B,000000FF), ref: 069B4966
                                                                                                                                            • Part of subcall function 069C2621: _malloc.LIBCMT ref: 069C263B
                                                                                                                                          • ??0ID3_Frame@@QAE@ABV0@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069B499D
                                                                                                                                            • Part of subcall function 06992194: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F1C25B45,?,?,0699108F), ref: 0699219D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Tag@@$?getCharConstCreateEnd@Experimental@ExtendedFrame@@Header@Iterator@Iterator@1@Reader@io@dami@@Unsync@V0@@_malloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3334558483-0
                                                                                                                                          • Opcode ID: c34627105f175692ed1f41ac50c4cb7fbbc24357d244594bda56ca8ec63fffdf
                                                                                                                                          • Instruction ID: 31e5732144d201fabc5225361abab4b401d1d85970f6f50923b8e88775efdf82
                                                                                                                                          • Opcode Fuzzy Hash: c34627105f175692ed1f41ac50c4cb7fbbc24357d244594bda56ca8ec63fffdf
                                                                                                                                          • Instruction Fuzzy Hash: 562104B17046115BCBD5EB2C9D50B3E72D9AFC8A60F00062DE466C77C0EB28DE0696B2
                                                                                                                                          APIs
                                                                                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,00000015), ref: 0B2DDBF1
                                                                                                                                          • OpenServiceW.ADVAPI32(00000000,00000000,80000080,00000000,0B2DDC99,?,00000000,00000000,00000015), ref: 0B2DDC22
                                                                                                                                          • QueryServiceStatus.ADVAPI32(00000000,0B55EF05,00000000,0B2DDC7B,?,00000000,00000000,80000080,00000000,0B2DDC99,?,00000000,00000000,00000015), ref: 0B2DDC55
                                                                                                                                          • CloseServiceHandle.ADVAPI32(00000000,0B2DDC82,0B2DDC7B,?,00000000,00000000,80000080,00000000,0B2DDC99,?,00000000,00000000,00000015), ref: 0B2DDC75
                                                                                                                                          • CloseServiceHandle.ADVAPI32(00000000,0B2DDCA0,00000000,0B2DDC99,?,00000000,00000000,00000015), ref: 0B2DDC93
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Service$CloseHandleOpen$ManagerQueryStatus
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2623946379-0
                                                                                                                                          • Opcode ID: 3d6180902dd5d219250fe2c22f410e30c97627e14e5e99f26bd1f92570b24911
                                                                                                                                          • Instruction ID: 862ca31f2ff592802b24642c48ea1da4809489007645de896928a670f76ddabf
                                                                                                                                          • Opcode Fuzzy Hash: 3d6180902dd5d219250fe2c22f410e30c97627e14e5e99f26bd1f92570b24911
                                                                                                                                          • Instruction Fuzzy Hash: 22219D70A54A49AFDB01EBE4D896AAEFBFCEB48340F904975E404E3240D7749A00CBA0
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveYears@@YAIPAVID3_Tag@@@Z.ID3LIB(?,6E79B076,?,?,?,?,069F72DB,000000FF), ref: 069AA6A4
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000051,6E79B076,?,?,?,?,069F72DB,000000FF), ref: 069AA6B2
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000051,?,?,?,?,?,?,?,000000FF), ref: 069AA6D9
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,000000FF), ref: 069AA6F4
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069AA706
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharD@@@End@Frame@@Reader@io@dami@@$FrameTag@@$AttachFieldField@Field@@Find@Frame@Frame@@@RemoveTag@@@Years@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1852256734-0
                                                                                                                                          • Opcode ID: 2f2da367624204d7be9bf05414e4389b581ceeed6cfb91b471d038f938afb7ab
                                                                                                                                          • Instruction ID: d72d2c99fd82311cec175d03ee6f12453812f0f64321c96c45e99a32c3fe79a4
                                                                                                                                          • Opcode Fuzzy Hash: 2f2da367624204d7be9bf05414e4389b581ceeed6cfb91b471d038f938afb7ab
                                                                                                                                          • Instruction Fuzzy Hash: 00215B71B047019BDBA1CB6C8C80B6B77E8BBC8A10F140A29E8568B784E725CE05C7E1
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveAlbums@@YAIPAVID3_Tag@@@Z.ID3LIB(?,6E79B076,?,?,?,?,069F727B,000000FF), ref: 069AA484
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000001E,6E79B076,?,?,?,?,069F727B,000000FF), ref: 069AA492
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(0000001E,?,?,?,?,?,?,?,000000FF), ref: 069AA4B9
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,000000FF), ref: 069AA4D4
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069AA4E6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharD@@@End@Frame@@Reader@io@dami@@$FrameTag@@$Albums@@AttachFieldField@Field@@Find@Frame@Frame@@@RemoveTag@@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1817854198-0
                                                                                                                                          • Opcode ID: da928a08f4bdfca800565eb9737a19c13976477fef4993f4e15bc51ef1526d84
                                                                                                                                          • Instruction ID: 865782027e7350723a3baafd5a27f40b24450ccefd2942b04df46a5b63184438
                                                                                                                                          • Opcode Fuzzy Hash: da928a08f4bdfca800565eb9737a19c13976477fef4993f4e15bc51ef1526d84
                                                                                                                                          • Instruction Fuzzy Hash: 04210871B04741ABD7A0DF688C84B6B77D8AFC8A10F144A29F8569BB80DB65DD06C3E1
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveTitles@@YAIPAVID3_Tag@@@Z.ID3LIB(?,6E79B076,?,?,?,?,069F72AB,000000FF), ref: 069AA594
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000030,6E79B076,?,?,?,?,069F72AB,000000FF), ref: 069AA5A2
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000030,?,?,?,?,?,?,?,000000FF), ref: 069AA5C9
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,000000FF), ref: 069AA5E4
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069AA5F6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharD@@@End@Frame@@Reader@io@dami@@$FrameTag@@$AttachFieldField@Field@@Find@Frame@Frame@@@RemoveTag@@@Titles@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1189781531-0
                                                                                                                                          • Opcode ID: 61a1bae1198dfcb87944b2ac5732c6950efe02f97251e204e4a86545b982553a
                                                                                                                                          • Instruction ID: b92ad1bd5719c05b546fa0fa2bbff2bd192968d3f59cf1b26228a6f740090bad
                                                                                                                                          • Opcode Fuzzy Hash: 61a1bae1198dfcb87944b2ac5732c6950efe02f97251e204e4a86545b982553a
                                                                                                                                          • Instruction Fuzzy Hash: E5210871B18341AFD790CB688C90B2F77D8ABC9A10F140A29E856DBB80DB35DE05C3E5
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveLyricist@@YAIPAVID3_Tag@@@Z.ID3LIB(?,6E79B076,?,?,?,?,069F73FB,000000FF), ref: 069AAFE4
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000002C,6E79B076,?,?,?,?,069F73FB,000000FF), ref: 069AAFF2
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(0000002C,?,?,?,?,?,?,?,000000FF), ref: 069AB019
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,000000FF), ref: 069AB034
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069AB046
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharD@@@End@Frame@@Reader@io@dami@@$FrameTag@@$AttachFieldField@Field@@Find@Frame@Frame@@@Lyricist@@RemoveTag@@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 36875058-0
                                                                                                                                          • Opcode ID: 67f7b57fc2694eaeedb0bc4e15b79347ee9b9405086c9acc9018e4cc70cc9c50
                                                                                                                                          • Instruction ID: 458db1f28e0743bb7728ef8ccb93bc0cab8e12e7f35e51d47840c3a360d2aada
                                                                                                                                          • Opcode Fuzzy Hash: 67f7b57fc2694eaeedb0bc4e15b79347ee9b9405086c9acc9018e4cc70cc9c50
                                                                                                                                          • Instruction Fuzzy Hash: FB215E71704311ABD7A0CB289D40B3F77D8ABC9610F140A2DE96197788D729CD05C3D1
                                                                                                                                          APIs
                                                                                                                                          • ?ID3_RemoveGenres@@YAIPAVID3_Tag@@@Z.ID3LIB(?,6E79B076,?,?,?,?,069F739B,000000FF), ref: 069AAD14
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000021,6E79B076,?,?,?,?,069F739B,000000FF), ref: 069AAD22
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,85557334), ref: 069929E7
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,F23B576D), ref: 069929F9
                                                                                                                                            • Part of subcall function 069928C9: ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z.ID3LIB(00000021,?,?,?,?,?,?,?,000000FF), ref: 069AAD49
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000002,?,?,?,?,?,?,?,000000FF), ref: 069AAD64
                                                                                                                                          • ?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z.ID3LIB(00000000,?,?,?,?,?,?,?,000000FF), ref: 069AAD76
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharD@@@End@Frame@@Reader@io@dami@@$FrameTag@@$AttachFieldField@Field@@Find@Frame@Frame@@@Genres@@RemoveTag@@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1225729779-0
                                                                                                                                          • Opcode ID: 0093c5210e309c90225093696e471475d3332632c2ca9452ba5fdcdd179ef96f
                                                                                                                                          • Instruction ID: cbbf6f5202002c1d5f0f9237bd431ba81f718d39e170aba80f9a5d2555407044
                                                                                                                                          • Opcode Fuzzy Hash: 0093c5210e309c90225093696e471475d3332632c2ca9452ba5fdcdd179ef96f
                                                                                                                                          • Instruction Fuzzy Hash: 69212B71B047019BD794DF689C80B3B77D9ABC8A10F140A2EED969B780D765DD05C3E2
                                                                                                                                          APIs
                                                                                                                                          • GetFileType.KERNEL32(?,06A09B18,0000000C,069B5FD5,00000000,00000000), ref: 069C5E44
                                                                                                                                          • GetLastError.KERNEL32 ref: 069C5E4E
                                                                                                                                          • __dosmaperr.LIBCMT ref: 069C5E55
                                                                                                                                          • __alloc_osfhnd.LIBCMT ref: 069C5E76
                                                                                                                                          • __set_osfhnd.LIBCMT ref: 069C5EA0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 43408053-0
                                                                                                                                          • Opcode ID: 61d898a11ad1f924edbf54c127b13d516d632b1d43bc613ba21c9efedef3f2e0
                                                                                                                                          • Instruction ID: a9e6415b7e59816e8f7ae2fb06230c163b036166ceda461ef52cba928a0a5241
                                                                                                                                          • Opcode Fuzzy Hash: 61d898a11ad1f924edbf54c127b13d516d632b1d43bc613ba21c9efedef3f2e0
                                                                                                                                          • Instruction Fuzzy Hash: E321F170941209AFDFD1EB68C8403AC7B61AF82374F29864CD5748B9E2C734A951DF86
                                                                                                                                          APIs
                                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,75919350,?,0731258C), ref: 0731220C
                                                                                                                                          • _malloc.LIBCMT ref: 07312214
                                                                                                                                            • Part of subcall function 07313C8F: __FF_MSGBANNER.LIBCMT ref: 07313CB2
                                                                                                                                            • Part of subcall function 07313C8F: __NMSG_WRITE.LIBCMT ref: 07313CB9
                                                                                                                                            • Part of subcall function 07313C8F: HeapAlloc.KERNEL32(00000000,00000205,00000001,00000000,00000000,?,0731853F,00000214,00000001,00000214,?,0731492F,00000018,073224B0,0000000C,073149C0), ref: 07313D06
                                                                                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,00000000,000003FF), ref: 0731222A
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 07312241
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,00000000,00000000,00000000), ref: 07312272
                                                                                                                                            • Part of subcall function 07313D59: __lock.LIBCMT ref: 07313D77
                                                                                                                                            • Part of subcall function 07313D59: ___sbh_find_block.LIBCMT ref: 07313D82
                                                                                                                                            • Part of subcall function 07313D59: ___sbh_free_block.LIBCMT ref: 07313D91
                                                                                                                                            • Part of subcall function 07313D59: HeapFree.KERNEL32(00000000,00000214,07322450,0000000C,07314986,00000000,073224B0,0000000C,073149C0,00000214,-0000000E,?,0731BAE6,00000004,073226C0,0000000C), ref: 07313DC1
                                                                                                                                            • Part of subcall function 07313D59: GetLastError.KERNEL32(?,0731BAE6,00000004,073226C0,0000000C,07318589,00000214,00000001,00000000,00000000,00000000,?,07317EC8,00000001,00000214), ref: 07313DD2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide$Heap$AllocErrorFreeLast___sbh_find_block___sbh_free_block__lock_malloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2030283311-0
                                                                                                                                          • Opcode ID: 8416bac41463475f957f8b7979da5d1b1b2967703fd58423e31f2aa644bcffcf
                                                                                                                                          • Instruction ID: 2c12e68ce4056c6db020afb421c00609f6655166b68e591f3fa7d43e97d601b2
                                                                                                                                          • Opcode Fuzzy Hash: 8416bac41463475f957f8b7979da5d1b1b2967703fd58423e31f2aa644bcffcf
                                                                                                                                          • Instruction Fuzzy Hash: 7C1196B638531577F620A6565C43F9B7798DB85B71F300325F7286A2C0EAA0B905817A
                                                                                                                                          APIs
                                                                                                                                          • calloc.MSVCRT ref: 06DB1A4F
                                                                                                                                          • sem_init.PTHREADVC2(00000010,00000000,00000000), ref: 06DB1A88
                                                                                                                                          • sem_init.PTHREADVC2(00000014,?,00000000), ref: 06DB1A9D
                                                                                                                                          • sem_destroy.PTHREADVC2(00000010), ref: 06DB1AB0
                                                                                                                                          • free.MSVCRT ref: 06DB1AB9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: sem_init$callocfreesem_destroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3610725121-0
                                                                                                                                          • Opcode ID: 2496c05a23b314945e2580d670d936502b7bb7be7cfe48b94bca5ed9e4005f86
                                                                                                                                          • Instruction ID: ff03d4506491c1926b876af73413b65e2cd987c350dad1aa3800c26396859869
                                                                                                                                          • Opcode Fuzzy Hash: 2496c05a23b314945e2580d670d936502b7bb7be7cfe48b94bca5ed9e4005f86
                                                                                                                                          • Instruction Fuzzy Hash: AF1191B2B00601DBE7A0CF59AC40FD7B7E89F84665F085529E94BD7249E721E40ACBB1
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB3FB0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3524145552-0
                                                                                                                                          • Opcode ID: 1a437cadb2e5a70a28ebe458a5501ac28c191d02775e8b10d4630c3f80cf78c3
                                                                                                                                          • Instruction ID: 0e0343812e0600dc6b5c857d26bfe29b0c4e17c955435d82a15fc40efb224945
                                                                                                                                          • Opcode Fuzzy Hash: 1a437cadb2e5a70a28ebe458a5501ac28c191d02775e8b10d4630c3f80cf78c3
                                                                                                                                          • Instruction Fuzzy Hash: 3F0108B7E01614CB96A0DB6DAC406D763E4DA84671716193AD927C3309F732E80992F1
                                                                                                                                          APIs
                                                                                                                                          • __lock.LIBCMT ref: 069C740E
                                                                                                                                            • Part of subcall function 069CBFE2: __mtinitlocknum.LIBCMT ref: 069CBFF8
                                                                                                                                            • Part of subcall function 069CBFE2: __amsg_exit.LIBCMT ref: 069CC004
                                                                                                                                            • Part of subcall function 069CBFE2: EnterCriticalSection.KERNEL32(00000000,00000000,?,069CA27B,0000000D,06A09EC8,00000008,069CA372,00000000,?,069C6051,00000000,?,?,?,069C60B4), ref: 069CC00C
                                                                                                                                          • InterlockedDecrement.KERNEL32(00000000), ref: 069C7420
                                                                                                                                            • Part of subcall function 069C3E7F: __lock.LIBCMT ref: 069C3E9D
                                                                                                                                            • Part of subcall function 069C3E7F: ___sbh_find_block.LIBCMT ref: 069C3EA8
                                                                                                                                            • Part of subcall function 069C3E7F: ___sbh_free_block.LIBCMT ref: 069C3EB7
                                                                                                                                            • Part of subcall function 069C3E7F: HeapFree.KERNEL32(00000000,00000000,06A09908,0000000C,069CA1C1,00000000,?,069C6A86,00000000,00000001,00000000,?,069CBF6C,00000018,06A09FB0,0000000C), ref: 069C3EE7
                                                                                                                                            • Part of subcall function 069C3E7F: GetLastError.KERNEL32(?,069C6A86,00000000,00000001,00000000,?,069CBF6C,00000018,06A09FB0,0000000C,069CBFFD,00000000,00000000,?,069CA27B,0000000D), ref: 069C3EF8
                                                                                                                                          • __lock.LIBCMT ref: 069C744E
                                                                                                                                          • ___removelocaleref.LIBCMT ref: 069C745D
                                                                                                                                          • ___freetlocinfo.LIBCMT ref: 069C7476
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __lock$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block__amsg_exit__mtinitlocknum
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1907232653-0
                                                                                                                                          • Opcode ID: 8700359c14af5aca19c623189bf7c2a75476d6381d38f73c066ea0cabb2ddab5
                                                                                                                                          • Instruction ID: fec006cd9499a034bf8f4f7abf334f0bb0c7dbc9233020d92dd285017a0a0f45
                                                                                                                                          • Opcode Fuzzy Hash: 8700359c14af5aca19c623189bf7c2a75476d6381d38f73c066ea0cabb2ddab5
                                                                                                                                          • Instruction Fuzzy Hash: 6E114F31905204ABDBE0FFB89844B297BA9AF84770F30850DE4A99F990DA348940DE62
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: #200#202#203_memset
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2069710911-0
                                                                                                                                          • Opcode ID: 396d7d90584295a0524ae1a02a64a653a93373a7a687a831b7ed0b335e145c88
                                                                                                                                          • Instruction ID: 3c49c06c23c1ba1fb018a1ef96fc94fab261d3a2d6df016f6455878cfcd4e2f9
                                                                                                                                          • Opcode Fuzzy Hash: 396d7d90584295a0524ae1a02a64a653a93373a7a687a831b7ed0b335e145c88
                                                                                                                                          • Instruction Fuzzy Hash: 6701DEF5A04211ABF618E768CC42FAFB7E8AF84214F448898FD8C86200F735D90982D3
                                                                                                                                          APIs
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@W4ID3_FieldID@@PBD@Z.ID3LIB(0000001C,0000000A,?), ref: 069AB0F2
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@W4ID3_FieldID@@PBD@Z.ID3LIB(0000001C,00000005,?), ref: 069AB106
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004,?,0000001C), ref: 069AB121
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004), ref: 069AB14D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FieldFrame@@$D@@@Field@Field@@Find@FrameTag@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3038029626-0
                                                                                                                                          • Opcode ID: e464bec5076c5b6ddd94738b4bb0e937d4c8fc9bd8a201ff04c2221085e76e9e
                                                                                                                                          • Instruction ID: a0589f7389e2926036c0eda584fe0ca189604af4c4dbef23488977ba5de27ead
                                                                                                                                          • Opcode Fuzzy Hash: e464bec5076c5b6ddd94738b4bb0e937d4c8fc9bd8a201ff04c2221085e76e9e
                                                                                                                                          • Instruction Fuzzy Hash: 06015B70754312AFEB84EB68EC41E2AB3D9AFC5B00F104829E6518B694DA70DD02CBE1
                                                                                                                                          APIs
                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • pthread_self.PTHREADVC2(?,?,06DB52BC,?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB338A
                                                                                                                                          • pthread_equal.PTHREADVC2(?,?,00000000,?,?,?,06DB52BC,?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB3399
                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000000), ref: 06DB33B9
                                                                                                                                          • SetEvent.KERNEL32(?,?,?,06DB2AE2,01BF0578,00000000), ref: 06DB33C7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExchangeInterlocked$Eventpthread_equalpthread_self
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2864401594-0
                                                                                                                                          • Opcode ID: 6c1fd9a7e1880b6e4eb5b10c62421c4508eadcc8c7958bec099f9805a1b65834
                                                                                                                                          • Instruction ID: b2343275bf092ed1f002f8e54a76f84e39c6a660b3fa6514be22f340df15886b
                                                                                                                                          • Opcode Fuzzy Hash: 6c1fd9a7e1880b6e4eb5b10c62421c4508eadcc8c7958bec099f9805a1b65834
                                                                                                                                          • Instruction Fuzzy Hash: C5015232B00600EB8BB09B1B99449AB77E9EBC1721701991DF56BC3348EB71E8419B60
                                                                                                                                          APIs
                                                                                                                                          • __getptd.LIBCMT ref: 07319D1F
                                                                                                                                            • Part of subcall function 07317F16: __getptd_noexit.LIBCMT ref: 07317F19
                                                                                                                                            • Part of subcall function 07317F16: __amsg_exit.LIBCMT ref: 07317F26
                                                                                                                                          • __amsg_exit.LIBCMT ref: 07319D3F
                                                                                                                                          • __lock.LIBCMT ref: 07319D4F
                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 07319D6C
                                                                                                                                          • InterlockedIncrement.KERNEL32(075315B8), ref: 07319D97
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4271482742-0
                                                                                                                                          • Opcode ID: 869e97bea7d8c7066976cbb796709d604f9cdbda9fce57fc4f5d54def269aa0b
                                                                                                                                          • Instruction ID: 533ad3f06e4b0e7fab92dc761a7b8fdd7d7a4cbce5303110932709452f259210
                                                                                                                                          • Opcode Fuzzy Hash: 869e97bea7d8c7066976cbb796709d604f9cdbda9fce57fc4f5d54def269aa0b
                                                                                                                                          • Instruction Fuzzy Hash: 6801D2F3E016A2DBF729AB24941AB5DB3A4BF44B21F150159E40C67681CB387952CFD2
                                                                                                                                          APIs
                                                                                                                                          • __getptd.LIBCMT ref: 069CE8B1
                                                                                                                                            • Part of subcall function 069CA1D0: __getptd_noexit.LIBCMT ref: 069CA1D3
                                                                                                                                            • Part of subcall function 069CA1D0: __amsg_exit.LIBCMT ref: 069CA1E0
                                                                                                                                          • __amsg_exit.LIBCMT ref: 069CE8D1
                                                                                                                                          • __lock.LIBCMT ref: 069CE8E1
                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 069CE8FE
                                                                                                                                          • InterlockedIncrement.KERNEL32(06AA15B8), ref: 069CE929
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4271482742-0
                                                                                                                                          • Opcode ID: d60633f48134d64f4911f75dba404b9a26ce0ae5d741c837033e1ab5506aab30
                                                                                                                                          • Instruction ID: 11faff475176876559c8db376ea34f40f9058aaa4bf7b1a5d05afc3c8a3644f7
                                                                                                                                          • Opcode Fuzzy Hash: d60633f48134d64f4911f75dba404b9a26ce0ae5d741c837033e1ab5506aab30
                                                                                                                                          • Instruction Fuzzy Hash: B401AD31D01726ABDBE1FB289805B6A7364BF42730F25001CE915ABE80C7346E42DBD3
                                                                                                                                          APIs
                                                                                                                                          • __lock.LIBCMT ref: 07313D77
                                                                                                                                            • Part of subcall function 073149A5: __mtinitlocknum.LIBCMT ref: 073149BB
                                                                                                                                            • Part of subcall function 073149A5: __amsg_exit.LIBCMT ref: 073149C7
                                                                                                                                            • Part of subcall function 073149A5: EnterCriticalSection.KERNEL32(-0000000E,-0000000E,?,0731BAE6,00000004,073226C0,0000000C,07318589,00000214,00000001,00000000,00000000,00000000,?,07317EC8,00000001), ref: 073149CF
                                                                                                                                          • ___sbh_find_block.LIBCMT ref: 07313D82
                                                                                                                                          • ___sbh_free_block.LIBCMT ref: 07313D91
                                                                                                                                          • HeapFree.KERNEL32(00000000,00000214,07322450,0000000C,07314986,00000000,073224B0,0000000C,073149C0,00000214,-0000000E,?,0731BAE6,00000004,073226C0,0000000C), ref: 07313DC1
                                                                                                                                          • GetLastError.KERNEL32(?,0731BAE6,00000004,073226C0,0000000C,07318589,00000214,00000001,00000000,00000000,00000000,?,07317EC8,00000001,00000214), ref: 07313DD2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2714421763-0
                                                                                                                                          • Opcode ID: 374052107479c372db7e0d09c4355ce85ae38752f50057dece53d09aa152ccb6
                                                                                                                                          • Instruction ID: de62d73c0837549133719cdf2c4f16b3ce3572b9cf4af1cb7718737ab924db96
                                                                                                                                          • Opcode Fuzzy Hash: 374052107479c372db7e0d09c4355ce85ae38752f50057dece53d09aa152ccb6
                                                                                                                                          • Instruction Fuzzy Hash: DD0186F2A45356EAFF3C7FB09C0AB9D3B68AF41721F20005DE44CA6081DF3995618B96
                                                                                                                                          APIs
                                                                                                                                          • __lock.LIBCMT ref: 069C3E9D
                                                                                                                                            • Part of subcall function 069CBFE2: __mtinitlocknum.LIBCMT ref: 069CBFF8
                                                                                                                                            • Part of subcall function 069CBFE2: __amsg_exit.LIBCMT ref: 069CC004
                                                                                                                                            • Part of subcall function 069CBFE2: EnterCriticalSection.KERNEL32(00000000,00000000,?,069CA27B,0000000D,06A09EC8,00000008,069CA372,00000000,?,069C6051,00000000,?,?,?,069C60B4), ref: 069CC00C
                                                                                                                                          • ___sbh_find_block.LIBCMT ref: 069C3EA8
                                                                                                                                          • ___sbh_free_block.LIBCMT ref: 069C3EB7
                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,06A09908,0000000C,069CA1C1,00000000,?,069C6A86,00000000,00000001,00000000,?,069CBF6C,00000018,06A09FB0,0000000C), ref: 069C3EE7
                                                                                                                                          • GetLastError.KERNEL32(?,069C6A86,00000000,00000001,00000000,?,069CBF6C,00000018,06A09FB0,0000000C,069CBFFD,00000000,00000000,?,069CA27B,0000000D), ref: 069C3EF8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                          APIs
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000003E), ref: 069A93A5
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(0000003F,0000003E), ref: 069A93B2
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000040,0000003F,0000003E), ref: 069A93BF
                                                                                                                                          • ?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z.ID3LIB(00000020,00000040,0000003F,0000003E), ref: 069A93CC
                                                                                                                                          • ?ID3_GetString@@YAPADPBVID3_Frame@@W4ID3_FieldID@@@Z.ID3LIB(00000000,00000002,0000003E), ref: 069A93D8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@@@Frame@@$Find@FrameTag@@$FieldString@@
                                                                                                                                          APIs
                                                                                                                                          • GetLastError.KERNEL32(00000103,7FFFFFFF,06DC6913,06DC5802,00000000,?,?,00000000,00000001), ref: 06DC4D55
                                                                                                                                          • TlsGetValue.KERNEL32 ref: 06DC4D63
                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 06DC4DAF
                                                                                                                                            • Part of subcall function 06DC5DA8: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,06DC4AD8,06DC8658,000000FF,?,06DC4D78,00000001,00000074), ref: 06DC5E9E
                                                                                                                                          • TlsSetValue.KERNEL32(00000000), ref: 06DC4D87
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 06DC4D98
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                          APIs
                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,06DDE5C3,06DDE548,00000000,06DDBECC,00000000,?,?,?,06DDB0DA,00000000,00000000,?,?,00000000), ref: 06DDE886
                                                                                                                                          • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,00000008,000000D5,?,?,?,00000111,?), ref: 06DDE894
                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000008,000000D5,?,?,?,00000111), ref: 06DDE8E0
                                                                                                                                            • Part of subcall function 06DDE98B: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,?,00000000,?,06DD32E9,?,?,?), ref: 06DDEA81
                                                                                                                                          • TlsSetValue.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000008,000000D5,?,?,?,00000111), ref: 06DDE8B8
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 06DDE8C9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLastValue$AllocateCurrentHeapThread
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Process_errno$CurrentErrorLastOpen
                                                                                                                                          APIs
                                                                                                                                          • DeleteCriticalSection.KERNEL32(00000000,?,?,06DC4D27,06DC36DF,06DC3738,?,?,?), ref: 06DC492F
                                                                                                                                            • Part of subcall function 06DC350A: HeapFree.KERNEL32(00000000,?,00000000,00000010,?,?,06DC34A7,00000009,?,?,?), ref: 06DC35DE
                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,06DC4D27,06DC36DF,06DC3738,?,?,?), ref: 06DC494A
                                                                                                                                          • DeleteCriticalSection.KERNEL32 ref: 06DC4952
                                                                                                                                          • DeleteCriticalSection.KERNEL32 ref: 06DC495A
                                                                                                                                          • DeleteCriticalSection.KERNEL32 ref: 06DC4962
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalDeleteSection$FreeHeap
                                                                                                                                          APIs
                                                                                                                                          • DeleteCriticalSection.KERNEL32(00000000,?,?,06DDE858,06DDC25C,06DDC2B5,?,?,?), ref: 06DDD4AC
                                                                                                                                            • Part of subcall function 06DDB3DA: HeapFree.KERNEL32(00000000,?,00000000,?,00000000,?,06DDEA41,00000009,00000000,?,?,00000000,?,06DD32E9,?,?), ref: 06DDB4AE
                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,06DDE858,06DDC25C,06DDC2B5,?,?,?), ref: 06DDD4C7
                                                                                                                                          • DeleteCriticalSection.KERNEL32 ref: 06DDD4CF
                                                                                                                                          • DeleteCriticalSection.KERNEL32 ref: 06DDD4D7
                                                                                                                                          • DeleteCriticalSection.KERNEL32 ref: 06DDD4DF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalDeleteSection$FreeHeap
                                                                                                                                          APIs
                                                                                                                                          • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 06DB1078
                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 06DB1087
                                                                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 06DB1093
                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 06DB10A0
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 06DB10A7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExchangeInterlocked$CloseCompareCreateEventHandleObjectSingleWait
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2569747014-0
                                                                                                                                          APIs
                                                                                                                                          • GetLastError.KERNEL32(00000000,5604C483,?,06DB2A4E,01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB52EF
                                                                                                                                          • WSAGetLastError.WS2_32(?,06DB3435), ref: 06DB52F7
                                                                                                                                          • TlsGetValue.KERNEL32(00000000,?,06DB3435), ref: 06DB5301
                                                                                                                                          • SetLastError.KERNEL32(00000000,?,06DB3435), ref: 06DB530A
                                                                                                                                          • WSASetLastError.WS2_32(00000000,?,06DB3435), ref: 06DB5311
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$Value
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1883355122-0
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 073159D0: _doexit.LIBCMT ref: 073159DC
                                                                                                                                          • ___set_flsgetvalue.LIBCMT ref: 0731441F
                                                                                                                                            • Part of subcall function 07317D28: TlsGetValue.KERNEL32(?,07317EB4,?,?,?,00000000,000003FF), ref: 07317D31
                                                                                                                                            • Part of subcall function 07317D28: __decode_pointer.LIBCMT ref: 07317D43
                                                                                                                                            • Part of subcall function 07317D28: TlsSetValue.KERNEL32(00000000,?,?,00000000,000003FF), ref: 07317D52
                                                                                                                                          • ___fls_getvalue@4.LIBCMT ref: 0731442A
                                                                                                                                            • Part of subcall function 07317D08: TlsGetValue.KERNEL32(?,?,0731442F,00000000), ref: 07317D16
                                                                                                                                          • ___fls_setvalue@8.LIBCMT ref: 0731443D
                                                                                                                                            • Part of subcall function 07317D5C: __decode_pointer.LIBCMT ref: 07317D6D
                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000), ref: 07314446
                                                                                                                                          • ExitThread.KERNEL32 ref: 0731444D
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 07314453
                                                                                                                                          • __freefls@4.LIBCMT ref: 07314473
                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 07314486
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 132634196-0
                                                                                                                                          APIs
                                                                                                                                          • pthread_win32_process_attach_np.PTHREADVC2(?,?,?,?), ref: 06DB28E5
                                                                                                                                          • pthread_win32_thread_attach_np.PTHREADVC2(?), ref: 06DB28ED
                                                                                                                                          • pthread_win32_thread_detach_np.PTHREADVC2 ref: 06DB28F5
                                                                                                                                          • pthread_win32_thread_detach_np.PTHREADVC2(06DB5525,?,?,?,?,?,?), ref: 06DB28FD
                                                                                                                                          • pthread_win32_process_detach_np.PTHREADVC2(06DB5525,?,?,?,?,?,?), ref: 06DB2902
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_win32_thread_detach_np$pthread_win32_process_attach_nppthread_win32_process_detach_nppthread_win32_thread_attach_np
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3555143841-0
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          • NdfPlayer_UpdateTextPos IN pPlayerCtx:%d cx:%.3f cy:%.3f, xrefs: 0731240A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memset
                                                                                                                                          • String ID: NdfPlayer_UpdateTextPos IN pPlayerCtx:%d cx:%.3f cy:%.3f
                                                                                                                                          • API String ID: 2102423945-3072522838
                                                                                                                                          APIs
                                                                                                                                          • ??0ID3_IOStreamWriter@@QAE@AAV?$basic_iostream@DU?$char_traits@D@std@@@std@@@Z.ID3LIB(?,00000000,00000002,6E79B076), ref: 069B126F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: D@std@@@std@@@StreamU?$char_traits@V?$basic_iostream@Writer@@
                                                                                                                                          • String ID: A$G$T
                                                                                                                                          • API String ID: 2381759-1692029315
                                                                                                                                          APIs
                                                                                                                                          • LoadLibraryW.KERNEL32(wtsapi32.dll,00000000,0B546017), ref: 0B545FA2
                                                                                                                                            • Part of subcall function 0B083900: GetProcAddress.KERNEL32(?,?), ref: 0B08392A
                                                                                                                                          • FreeLibrary.KERNEL32(00000000,0B54600D,0B546006,?,wtsapi32.dll,00000000,0B546017), ref: 0B546000
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                          • String ID: WTSRegisterSessionNotification$wtsapi32.dll
                                                                                                                                          • API String ID: 145871493-1656296286
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(85557334,85557334), ref: 06992754
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 069927A6
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32
                                                                                                                                          • API String ID: 495049384-3615908411
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(85557334,85557334), ref: 06992754
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 069927A6
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32
                                                                                                                                          • API String ID: 495049384-3615908411
                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,07313E56), ref: 073168DA
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 073168EA
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,069C4E25), ref: 069D0F23
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 069D0F33
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                                                          APIs
                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 073115E8
                                                                                                                                          • SDL_CreateWindowFrom.SDL2(?), ref: 07311607
                                                                                                                                          • OutputDebugStringA.KERNEL32(video_refresh_thread SDL_CreateRenderer nUseSoftwareRender), ref: 07311628
                                                                                                                                          • SDL_SetHint.SDL2(SDL_RENDER_VSYNC,073206B0), ref: 07311634
                                                                                                                                          • SDL_CreateRenderer.SDL2(00000000,?,00000002), ref: 07311651
                                                                                                                                          • OutputDebugStringA.KERNEL32(video_refresh_thread SDL_CreateRenderer faile!use SDL_RENDERER_ACCELERATED), ref: 07311665
                                                                                                                                          • SDL_SetHint.SDL2(SDL_RENDER_VSYNC,073206B0), ref: 07311671
                                                                                                                                          • SDL_CreateRenderer.SDL2(00000000,?,00000001,SDL_RENDER_VSYNC,073206B0), ref: 0731168B
                                                                                                                                          • OutputDebugStringA.KERNEL32(video_refresh_thread SDL_CreateRenderer faile!use SDL_RENDERER_SOFTWARE), ref: 073116A3
                                                                                                                                          • SDL_GetNumRenderDrivers.SDL2 ref: 073116A5
                                                                                                                                          • SDL_CreateRenderer.SDL2(00000000,-00000001,00000001), ref: 073116B7
                                                                                                                                          • SDL_RenderClear.SDL2(00000000,?,00000000), ref: 073116E7
                                                                                                                                          • SDL_GetWindowSize.SDL2(00000000,?,?), ref: 07311717
                                                                                                                                          • SDL_RenderCopy.SDL2(00000000,00000000,00000000,?,00000000,?,?), ref: 07311768
                                                                                                                                          • SDL_RenderPresent.SDL2(00000000), ref: 0731177E
                                                                                                                                          • _sprintf.LIBCMT ref: 07311F30
                                                                                                                                          • OutputDebugStringA.KERNEL32(?), ref: 07311F3D
                                                                                                                                          Strings
                                                                                                                                          • video_refresh_thread out video_refresh_tid:%d , xrefs: 07311F20
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateDebugOutputRenderString$Renderer$HintWindow$ClearCopyDriversFromPresentSizeSleep_sprintf
                                                                                                                                          • String ID: video_refresh_thread out video_refresh_tid:%d
                                                                                                                                          • API String ID: 273434516-789071236
                                                                                                                                          APIs
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlyer_GetFrameSize IN ), ref: 0731289C
                                                                                                                                          Strings
                                                                                                                                          • NdfPlyer_GetFrameSize OUT , xrefs: 073128D4
                                                                                                                                          • NdfPlyer_GetFrameSize IN , xrefs: 07312897
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString
                                                                                                                                          • String ID: NdfPlyer_GetFrameSize IN $NdfPlyer_GetFrameSize OUT
                                                                                                                                          • API String ID: 1166629820-1483821270
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 06992A91
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,5B40A19F), ref: 06992AA6
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,6AE4AB71), ref: 06992AB8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: ntdll
                                                                                                                                          • API String ID: 495049384-3337577438
                                                                                                                                          • Opcode ID: f6b4e45c9c8ca426889a89d95efb9e4d9c30958dbd99ada4f9c49f56808f810d
                                                                                                                                          • Instruction ID: b8238990fb7f488b8ca40f412199b6ceb258f36e4e3463fc08d3778f0559ea48
                                                                                                                                          • Opcode Fuzzy Hash: f6b4e45c9c8ca426889a89d95efb9e4d9c30958dbd99ada4f9c49f56808f810d
                                                                                                                                          • Instruction Fuzzy Hash: DCF09471C58258AEEF659F74EC41B9CBBB5EF04314F30806AE468E6160DA711A818E18
                                                                                                                                          APIs
                                                                                                                                          • OutputDebugStringA.KERNEL32(NdfPlyer_GetDisplayApsect IN ), ref: 073128EC
                                                                                                                                          Strings
                                                                                                                                          • NdfPlyer_GetDisplayApsect OUT , xrefs: 07312917
                                                                                                                                          • NdfPlyer_GetDisplayApsect IN , xrefs: 073128E7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugOutputString
                                                                                                                                          • String ID: NdfPlyer_GetDisplayApsect IN $NdfPlyer_GetDisplayApsect OUT
                                                                                                                                          • API String ID: 1166629820-1880650553
                                                                                                                                          • Opcode ID: 40528044f70eacb012f19a6d73e6fdc61e81c0546b188c6181caa80b6a9e9bce
                                                                                                                                          • Instruction ID: b871acb35f7b15ad04196bb99a40d62978f2e87e7df9d2b973b707da3fe6c5e9
                                                                                                                                          • Opcode Fuzzy Hash: 40528044f70eacb012f19a6d73e6fdc61e81c0546b188c6181caa80b6a9e9bce
                                                                                                                                          • Instruction Fuzzy Hash: 7EE0DFB03042368EFB18DA6DF484B9A33A4BF88320F01448EE058CB125E670CC858780
                                                                                                                                          APIs
                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00002020,?,?,?,?,06DC477A,?,00000010,?,00000009,00000009,?,06DC34BA,00000010), ref: 06DC42CF
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,06DC477A,?,00000010,?,00000009,00000009,?,06DC34BA,00000010), ref: 06DC42F3
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,06DC477A,?,00000010,?,00000009,00000009,?,06DC34BA,00000010), ref: 06DC430D
                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,06DC477A,?,00000010,?,00000009,00000009,?,06DC34BA,00000010), ref: 06DC43CE
                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?,?,06DC477A,?,00000010,?,00000009,00000009,?,06DC34BA,00000010,?,?,?), ref: 06DC43E5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocVirtual$FreeHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 714016831-0
                                                                                                                                          • Opcode ID: 8318977c52c568d7cabef0727451e6d94163e8d024db9595c9d384bdab834197
                                                                                                                                          • Instruction ID: 0d3b0db25046acc6c7a6ce011a33ea47d9fc2100faa5dfd2bd555bd1929d0caa
                                                                                                                                          • Opcode Fuzzy Hash: 8318977c52c568d7cabef0727451e6d94163e8d024db9595c9d384bdab834197
                                                                                                                                          • Instruction Fuzzy Hash: 1B310F70A8170B9BD3708B25DCA1B65BBE1FB807B1F00422DE6A99B380E774A444DB54
                                                                                                                                          APIs
                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00002020,?,?,?,?,06DDD2F7,00000000,00000010,00000000,00000009,00000009,?,06DDB38A,00000010,00000000), ref: 06DDCE4C
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,06DDD2F7,00000000,00000010,00000000,00000009,00000009,?,06DDB38A,00000010,00000000), ref: 06DDCE70
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,06DDD2F7,00000000,00000010,00000000,00000009,00000009,?,06DDB38A,00000010,00000000), ref: 06DDCE8A
                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,06DDD2F7,00000000,00000010,00000000,00000009,00000009,?,06DDB38A,00000010,00000000,?), ref: 06DDCF4B
                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?,?,06DDD2F7,00000000,00000010,00000000,00000009,00000009,?,06DDB38A,00000010,00000000,?,00000000), ref: 06DDCF62
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocVirtual$FreeHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 714016831-0
                                                                                                                                          • Opcode ID: 1325d09ffef9888d2e11070f7d7909e42603944a8e9334548b4dc4ace80ba0a5
                                                                                                                                          • Instruction ID: b9d78114c1723f213bdb9c31ccc1cf1b6c9d134a3828164ca552750389513893
                                                                                                                                          • Opcode Fuzzy Hash: 1325d09ffef9888d2e11070f7d7909e42603944a8e9334548b4dc4ace80ba0a5
                                                                                                                                          • Instruction Fuzzy Hash: CA3103B0950701AFE3B0FF29DC42B72B7AAE744B50F114529E2559B7C0E7B0A844CB54
                                                                                                                                          APIs
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB(6E79B076), ref: 069B2997
                                                                                                                                          • ?Contains@ID3_Frame@@QBE_NW4ID3_FieldID@@@Z.ID3LIB(?,6E79B076), ref: 069B29DB
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(?,?,6E79B076), ref: 069B2A19
                                                                                                                                          • ?toWString@dami@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBGI@Z.ID3LIB(?,00000000), ref: 069B2A43
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$D@@@Field$Contains@Field@Field@@FrameString@dami@@U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2937434019-0
                                                                                                                                          • Opcode ID: 3fc11171c61c7e86c815081267f2b21cbb9b979683891c88f6303bfff750c801
                                                                                                                                          • Instruction ID: 5ccc989033a2f81894b1c5b32aeb0d8f0d5dd54ab4f3f83da8cddb950c4b7ca5
                                                                                                                                          • Opcode Fuzzy Hash: 3fc11171c61c7e86c815081267f2b21cbb9b979683891c88f6303bfff750c801
                                                                                                                                          • Instruction Fuzzy Hash: 68A14B716082029FC794EF18CA809AEB7E5FFC9210F60992DE49597B50D730EE45CFA2
                                                                                                                                          APIs
                                                                                                                                          • CreateFileA.KERNEL32(00000001,80000000,00000005,0000000C,00000001,00000080,00000000,?,00000000,00000000), ref: 06DDFD7D
                                                                                                                                          • GetLastError.KERNEL32 ref: 06DDFD89
                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 06DDFD9E
                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 06DDFDA9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$CloseCreateErrorHandleLastType
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1809617866-0
                                                                                                                                          • Opcode ID: b1e3fdde39e9dd614627ff1e8d58ffbe7b87ef1f59e4fb5d6a0cba74f6f1c731
                                                                                                                                          • Instruction ID: 43d27bae7c0506c892e35b9874924052eff18e53e91256b4d631c0a4ecf7ddcd
                                                                                                                                          • Opcode Fuzzy Hash: b1e3fdde39e9dd614627ff1e8d58ffbe7b87ef1f59e4fb5d6a0cba74f6f1c731
                                                                                                                                          • Instruction Fuzzy Hash: A1810431C042499AEFB0BBACCC847BD7B74AF41364F144619EDA3AB2D1D7B48694C791
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 069922D9: LoadLibraryA.KERNEL32(?), ref: 069922DC
                                                                                                                                          • ?openWritableFile@dami@@YA?AW4ID3_Err@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_fstream@DU?$char_traits@D@std@@@4@@Z.ID3LIB ref: 069B1E23
                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 069B1E53
                                                                                                                                            • Part of subcall function 069C209D: std::ios_base::_Tidy.LIBCPMT ref: 069C20C2
                                                                                                                                          • ?getFileSize@dami@@YAIAAV?$basic_fstream@DU?$char_traits@D@std@@@std@@@Z.ID3LIB(?), ref: 069B1E67
                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 069B1F90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: U?$char_traits@std::ios_base::_$Ios_base_dtorV?$basic_fstream@$?get?openD@2@@std@@D@std@@D@std@@@4@@D@std@@@std@@@Err@@FileFile@dami@@LibraryLoadSize@dami@@TidyV?$allocator@V?$basic_string@Writable
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 463377095-0
                                                                                                                                          • Opcode ID: fb1c4dca68bdcb9783eb2841dd9269fc4aa529e367ae31dc56e4e192887b9746
                                                                                                                                          • Instruction ID: fc7c2e81d2def9b4bc2ac20ca449ff705af8771c00b2b125226a80aa9973e52e
                                                                                                                                          • Opcode Fuzzy Hash: fb1c4dca68bdcb9783eb2841dd9269fc4aa529e367ae31dc56e4e192887b9746
                                                                                                                                          • Instruction Fuzzy Hash: 4381AF716187418FD7A4DF28C9A4BBBB3E4FF88314F144A1DE4AA83A90E734A545CB52
                                                                                                                                          APIs
                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000100,00000000,00000000), ref: 06DDE0FB
                                                                                                                                          • GetLastError.KERNEL32 ref: 06DDE105
                                                                                                                                          • ReadFile.KERNEL32(?,?,00000001,00000000,00000000), ref: 06DDE1CB
                                                                                                                                          • GetLastError.KERNEL32 ref: 06DDE1D5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorFileLastRead
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1948546556-0
                                                                                                                                          APIs
                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 06DC10E4
                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 06DC1102
                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 06DC113E
                                                                                                                                          • GetTickCount.KERNEL32 ref: 06DC1158
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Current$CountCounterPerformanceProcessQueryThreadTick
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1503542204-0
                                                                                                                                          APIs
                                                                                                                                          • __flush.LIBCMT ref: 069C3FD1
                                                                                                                                          • __fileno.LIBCMT ref: 069C3FF1
                                                                                                                                          • __locking.LIBCMT ref: 069C3FF8
                                                                                                                                          • __flsbuf.LIBCMT ref: 069C4023
                                                                                                                                            • Part of subcall function 069CABDC: __getptd_noexit.LIBCMT ref: 069CABDC
                                                                                                                                            • Part of subcall function 069C3DF2: __decode_pointer.LIBCMT ref: 069C3DFD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3240763771-0
                                                                                                                                          APIs
                                                                                                                                          • WriteFile.KERNEL32(?,?,?,00000000,00000000,06DDFE59,00000000,00001000), ref: 06DDD8FE
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileWrite
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 069A003E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 069A0055
                                                                                                                                            • Part of subcall function 069C2621: _malloc.LIBCMT ref: 069C263B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4063778783-0
                                                                                                                                          APIs
                                                                                                                                          • GetVersion.KERNEL32(6E79B076), ref: 069B5F5A
                                                                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 069B5FC2
                                                                                                                                          • __fdopen.LIBCMT ref: 069B5FE2
                                                                                                                                          • ??0ID3_IFileReader@@QAE@PAU_iobuf@@@Z.ID3LIB(00000000), ref: 069B605E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$CreateReader@@U_iobuf@@@Version__fdopen
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3706323526-0
                                                                                                                                          APIs
                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0731ECE6
                                                                                                                                          • __isleadbyte_l.LIBCMT ref: 0731ED1A
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,?,00000000,?,?,?,00000000,?,?,00000000), ref: 0731ED4B
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,?,00000000,?,?,00000000), ref: 0731EDB9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3058430110-0
                                                                                                                                          APIs
                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 069DE026
                                                                                                                                          • __isleadbyte_l.LIBCMT ref: 069DE05A
                                                                                                                                          • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,75FF5003,00BFBBEF,00000000,?,?,?,069E3364,00000109,00BFBBEF,00000003), ref: 069DE08B
                                                                                                                                          • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,069E3364,00000109,00BFBBEF,00000003), ref: 069DE0F9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3058430110-0
                                                                                                                                          • Opcode ID: a45cf33ef0fa438e6b6ddf3b043f320b613c237a5d2f41bd88e70396a951920b
                                                                                                                                          • Instruction ID: 21ba0eef2be8b77fbbc37baadcf6d286ba775e17318c94a2e984187edb8e1d71
                                                                                                                                          • Opcode Fuzzy Hash: a45cf33ef0fa438e6b6ddf3b043f320b613c237a5d2f41bd88e70396a951920b
                                                                                                                                          • Instruction Fuzzy Hash: 7A31AE31A18246EFDB60DF64C880ABE7BB9FF02250F28C5B9E4658F590DB31D941DB51
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 06DDD4E4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,06DDEA41,00000009,00000000,?,?,00000000,?,06DD32E9,?,?,?), ref: 06DDD521
                                                                                                                                            • Part of subcall function 06DDD4E4: EnterCriticalSection.KERNEL32(?,?,?,06DDEA41,00000009,00000000,?,?,00000000,?,06DD32E9,?,?,?), ref: 06DDD53C
                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,?,?,06DDFD47,?,00000000,00000000), ref: 06DDF8A9
                                                                                                                                          • EnterCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,?,?,06DDFD47,?,00000000,00000000), ref: 06DDF8BE
                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000068,?,00000000,?,?,06DDFD47,?,00000000,00000000), ref: 06DDF8CB
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 713024617-3916222277
                                                                                                                                          • Opcode ID: 714bdee02d010a60fbb331997b6d536c88f9a3a8ff35957f6ef4889d3f999f25
                                                                                                                                          • Instruction ID: b40bb58be8dd0260c5dacd5c0d3518d4f2ac513ba1e5bc7c032b434cdff49986
                                                                                                                                          • Opcode Fuzzy Hash: 714bdee02d010a60fbb331997b6d536c88f9a3a8ff35957f6ef4889d3f999f25
                                                                                                                                          • Instruction Fuzzy Hash: 4D3137729013009FE7A4EF60DC84B5A77E5EF44328F148A2DE6A74B2C1D7B0E944C762
                                                                                                                                          APIs
                                                                                                                                          • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0B07DA85
                                                                                                                                          • SetThreadPreferredUILanguages.KERNEL32(00000004,?,000000FF), ref: 0B07DAE3
                                                                                                                                          • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0B07DB40
                                                                                                                                          • SetThreadPreferredUILanguages.KERNEL32(00000008,00000000,?), ref: 0B07DB73
                                                                                                                                            • Part of subcall function 0B07DA30: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0B07DAF1), ref: 0B07DA47
                                                                                                                                            • Part of subcall function 0B07DA30: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0B07DAF1), ref: 0B07DA64
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B070000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3379869403.000000000B5AF000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3379869403.000000000B5B1000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3379869403.000000000B5BB000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3379869403.000000000B5F7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_b070000_CPPlayer.jbxd
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Thread$LanguagesPreferred$Language
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2255706666-0
                                                                                                                                          • Opcode ID: 192502d89ae7f75ea1b5ce4a9402081e22618b44ab61bba43dca5e0f48025549
                                                                                                                                          • Instruction ID: 4fe2ab0792cf59f088a833cfefc3429d3161df3c3e562a11d264e4b6ede62dd5
                                                                                                                                          • Opcode Fuzzy Hash: 192502d89ae7f75ea1b5ce4a9402081e22618b44ab61bba43dca5e0f48025549
                                                                                                                                          • Instruction Fuzzy Hash: 58314B70E4021AABDB54EFA8C885AEEF3F9FF04310F4042B5D561E7290DB749A05CB94
                                                                                                                                          APIs
                                                                                                                                          • ?CreateIterator@ID3_Tag@@QAEPAVIterator@1@XZ.ID3LIB ref: 069A9796
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069A97B7
                                                                                                                                          • ?ID3_GetString@@YAPADPBVID3_Frame@@W4ID3_FieldID@@@Z.ID3LIB(00000000,00000005), ref: 069A97C8
                                                                                                                                          • ?RemoveFrame@ID3_Tag@@QAEPAVID3_Frame@@PBV2@@Z.ID3LIB(00000000), ref: 069A9810
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$Tag@@$CreateD@@@FieldFrameFrame@Iterator@Iterator@1@RemoveString@@V2@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31200758-0
                                                                                                                                          • Opcode ID: 60efca746d0578ef40c64f533603ccc02608d372d34692158ff6a0f572c7e302
                                                                                                                                          • Instruction ID: 0feec81f3e9a8213085b23a0418f04e19ef88c2467cffe488874951d7f899251
                                                                                                                                          • Opcode Fuzzy Hash: 60efca746d0578ef40c64f533603ccc02608d372d34692158ff6a0f572c7e302
                                                                                                                                          • Instruction Fuzzy Hash: A921D771B653511BDBD5EE3C886063F73D9AFC6150F28416CE89687B80EB21D801C3E1
                                                                                                                                          APIs
                                                                                                                                          • ?CreateIterator@ID3_Tag@@QAEPAVIterator@1@XZ.ID3LIB ref: 069A9A3B
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069A9A57
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000B), ref: 069A9A65
                                                                                                                                          • ?RemoveFrame@ID3_Tag@@QAEPAVID3_Frame@@PBV2@@Z.ID3LIB(00000000), ref: 069A9A96
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$Tag@@$CreateD@@@FieldField@Field@@FrameFrame@Iterator@Iterator@1@RemoveV2@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1001635619-0
                                                                                                                                          • Opcode ID: 4d4458a339a3610b716d70bde76b1dcadb0a958765ce428e1e98a981b78687b9
                                                                                                                                          • Instruction ID: a80ae944ec5a82cc6943e735fc30ba1c46e0cd970246d558e77a5ab63deee5e4
                                                                                                                                          • Opcode Fuzzy Hash: 4d4458a339a3610b716d70bde76b1dcadb0a958765ce428e1e98a981b78687b9
                                                                                                                                          • Instruction Fuzzy Hash: EE11A075B117115FCB90EB688890A3EB3DAAFC9620F20816AE91ACB740DB71DD0186E1
                                                                                                                                          APIs
                                                                                                                                          • ?CreateIterator@ID3_Tag@@QAEPAVIterator@1@XZ.ID3LIB ref: 069A9C3E
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069A9C5A
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000B), ref: 069A9C68
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(00000004), ref: 069A9C9A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                           • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                           • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$D@@@FieldField@Field@@$CreateFrameIterator@Iterator@1@Tag@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1374522970-0
                                                                                                                                          • Opcode ID: 81104eaecbf94f30a20e82460a5a2af1e8037aba7bd0850a50ab47723c6ff670
                                                                                                                                          • Instruction ID: 844f91321671f2c79a3f0ab66920b74288eb7be263b8c25c031d32f3fc02d064
                                                                                                                                          • Opcode Fuzzy Hash: 81104eaecbf94f30a20e82460a5a2af1e8037aba7bd0850a50ab47723c6ff670
                                                                                                                                          • Instruction Fuzzy Hash: 7811A535B11A219FCFA5EB18C890A3EB3EABFC9A50B254118D51ADB754DB20DD02C7D1
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 069C42A8: __fsopen.LIBCMT ref: 069C42B5
                                                                                                                                          • _fseek.LIBCMT ref: 0699B854
                                                                                                                                          • _ftell.LIBCMT ref: 0699B85A
                                                                                                                                          • _fseek.LIBCMT ref: 0699B866
                                                                                                                                            • Part of subcall function 069C369F: __lock_file.LIBCMT ref: 069C36EA
                                                                                                                                            • Part of subcall function 069C369F: __fseek_nolock.LIBCMT ref: 069C36FA
                                                                                                                                          • __fread_nolock.LIBCMT ref: 0699B87F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _fseek$__fread_nolock__fseek_nolock__fsopen__lock_file_ftell
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3434152431-0
                                                                                                                                          APIs
                                                                                                                                          • ?CreateIterator@ID3_Tag@@QAEPAVIterator@1@XZ.ID3LIB ref: 069A9D01
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069A9D22
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000B), ref: 069A9D30
                                                                                                                                          • ?ID3_GetString@@YAPADPBVID3_Frame@@W4ID3_FieldID@@@Z.ID3LIB(00000000,0000000D), ref: 069A9D61
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$D@@@Field$CreateField@Field@@FrameIterator@Iterator@1@String@@Tag@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3313133876-0
                                                                                                                                          APIs
                                                                                                                                          • ?CreateIterator@ID3_Tag@@QAEPAVIterator@1@XZ.ID3LIB ref: 069A9DB1
                                                                                                                                          • ?GetID@ID3_Frame@@QBE?AW4ID3_FrameID@@XZ.ID3LIB ref: 069A9DD2
                                                                                                                                          • ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z.ID3LIB(0000000B), ref: 069A9DE0
                                                                                                                                          • ?ID3_GetString@@YAPADPBVID3_Frame@@W4ID3_FieldID@@@Z.ID3LIB(00000000,00000005), ref: 069A9E11
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@$D@@@Field$CreateField@Field@@FrameIterator@Iterator@1@String@@Tag@@
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3313133876-0
                                                                                                                                          APIs
                                                                                                                                          • InterlockedCompareExchange.KERNEL32(5604C483,00000001,00000000), ref: 06DB3403
                                                                                                                                          • pthread_self.PTHREADVC2 ref: 06DB341B
                                                                                                                                            • Part of subcall function 06DB2DB0: EnterCriticalSection.KERNEL32(06DB8120,06DB526B,06DB30D7,06DB526B,?,?,06DB526B,?), ref: 06DB2DB8
                                                                                                                                            • Part of subcall function 06DB2DB0: pthread_mutex_init.PTHREADVC2(?,00000000), ref: 06DB2DCB
                                                                                                                                            • Part of subcall function 06DB2DB0: LeaveCriticalSection.KERNEL32(06DB8120), ref: 06DB2DDA
                                                                                                                                          • pthread_self.PTHREADVC2 ref: 06DB3430
                                                                                                                                            • Part of subcall function 06DB2A40: pthread_getspecific.PTHREADVC2(01BF0578,00000000,5604C483,?,06DB3435), ref: 06DB2A49
                                                                                                                                          • pthread_equal.PTHREADVC2(?,?,00000000), ref: 06DB343F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSectionpthread_self$CompareEnterExchangeInterlockedLeavepthread_equalpthread_getspecificpthread_mutex_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2967958287-0
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _inittermfreemalloc
                                                                                                                                          • String ID: k:v
                                                                                                                                          • API String ID: 1678931842-4078055367
                                                                                                                                          APIs
                                                                                                                                          • sem_destroy.PTHREADVC2(?), ref: 06DB1AFE
                                                                                                                                            • Part of subcall function 06DB4660: pthread_mutex_lock.PTHREADVC2(?,00000010,00000000,?,?,06DB1AB5,00000010), ref: 06DB4677
                                                                                                                                            • Part of subcall function 06DB4660: pthread_mutex_unlock.PTHREADVC2(?,00000010), ref: 06DB468B
                                                                                                                                            • Part of subcall function 06DB4660: _errno.MSVCRT ref: 06DB4698
                                                                                                                                          • sem_destroy.PTHREADVC2(?), ref: 06DB1B10
                                                                                                                                            • Part of subcall function 06DB4660: CloseHandle.KERNEL32(00000000,00000010), ref: 06DB46AC
                                                                                                                                            • Part of subcall function 06DB4660: pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB46B7
                                                                                                                                            • Part of subcall function 06DB4660: _errno.MSVCRT ref: 06DB46C4
                                                                                                                                          • free.MSVCRT ref: 06DB1B1F
                                                                                                                                          • sem_init.PTHREADVC2(?,?,00000000), ref: 06DB1B36
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _errnopthread_mutex_unlocksem_destroy$CloseHandlefreepthread_mutex_locksem_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1208089974-0
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3016257755-0
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                          APIs
                                                                                                                                          • pthread_getspecific.PTHREADVC2(01BF0578,?,00000000,06DB1C9D,00000002,00000030,?,?,?,?,?,?,?,?), ref: 06DB1718
                                                                                                                                          • exit.MSVCRT ref: 06DB1732
                                                                                                                                          • _endthreadex.MSVCRT(?), ref: 06DB1758
                                                                                                                                          • longjmp.MSVCRT(-00000040,?), ref: 06DB1770
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _endthreadexexitlongjmppthread_getspecific
                                                                                                                                          APIs
                                                                                                                                          • __FF_MSGBANNER.LIBCMT ref: 069C4AB8
                                                                                                                                            • Part of subcall function 069C9E79: __set_error_mode.LIBCMT ref: 069C9E7B
                                                                                                                                            • Part of subcall function 069C9E79: __set_error_mode.LIBCMT ref: 069C9E88
                                                                                                                                            • Part of subcall function 069C9E79: __NMSG_WRITE.LIBCMT ref: 069C9EA0
                                                                                                                                            • Part of subcall function 069C9E79: __NMSG_WRITE.LIBCMT ref: 069C9EAA
                                                                                                                                          • __NMSG_WRITE.LIBCMT ref: 069C4ABF
                                                                                                                                            • Part of subcall function 069C9CA8: __set_error_mode.LIBCMT ref: 069C9CD9
                                                                                                                                            • Part of subcall function 069C9CA8: __set_error_mode.LIBCMT ref: 069C9CEA
                                                                                                                                            • Part of subcall function 069C9CA8: _strcpy_s.LIBCMT ref: 069C9D1E
                                                                                                                                            • Part of subcall function 069C9CA8: __invoke_watson.LIBCMT ref: 069C9D2F
                                                                                                                                            • Part of subcall function 069C9CA8: GetModuleFileNameA.KERNEL32(00000000,06A1EBC9,00000104), ref: 069C9D4B
                                                                                                                                            • Part of subcall function 069C9CA8: _strcpy_s.LIBCMT ref: 069C9D60
                                                                                                                                            • Part of subcall function 069C9CA8: __invoke_watson.LIBCMT ref: 069C9D73
                                                                                                                                            • Part of subcall function 069C9CA8: _strlen.LIBCMT ref: 069C9D7C
                                                                                                                                            • Part of subcall function 069C9CA8: _strlen.LIBCMT ref: 069C9D89
                                                                                                                                            • Part of subcall function 069C9CA8: __invoke_watson.LIBCMT ref: 069C9DB6
                                                                                                                                            • Part of subcall function 069CEF0E: ___crtCorExitProcess.LIBCMT ref: 069CEF16
                                                                                                                                            • Part of subcall function 069CEF0E: ExitProcess.KERNEL32 ref: 069CEF1F
                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?), ref: 069C4AEB
                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?), ref: 069C4B1B
                                                                                                                                            • Part of subcall function 069C4A5B: __lock.LIBCMT ref: 069C4A78
                                                                                                                                            • Part of subcall function 069C4A5B: ___sbh_alloc_block.LIBCMT ref: 069C4A83
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __set_error_mode$__invoke_watson$AllocExitHeapProcess_strcpy_s_strlen$FileModuleName___crt___sbh_alloc_block__lock
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB4B9F
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB4BB4
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • _errno.MSVCRT ref: 06DB4BBC
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB4BD3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$ExchangeInterlocked_errnopthread_mutex_lock
                                                                                                                                          APIs
                                                                                                                                          • pthread_getspecific.PTHREADVC2(01BF0578), ref: 06DB3800
                                                                                                                                            • Part of subcall function 06DB14C0: pthread_mutex_lock.PTHREADVC2 ref: 06DB14F0
                                                                                                                                            • Part of subcall function 06DB14C0: pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB1502
                                                                                                                                            • Part of subcall function 06DB14C0: pthread_mutex_lock.PTHREADVC2(?,?), ref: 06DB1508
                                                                                                                                            • Part of subcall function 06DB14C0: pthread_mutex_trylock.PTHREADVC2(?,?,?,00000000,?,?), ref: 06DB1525
                                                                                                                                            • Part of subcall function 06DB14C0: pthread_mutex_unlock.PTHREADVC2(?,?,?,?,00000000,?,?), ref: 06DB1533
                                                                                                                                            • Part of subcall function 06DB14C0: Sleep.KERNEL32(00000001,?,?,?,?,00000000,?,?), ref: 06DB153D
                                                                                                                                            • Part of subcall function 06DB14C0: pthread_mutex_lock.PTHREADVC2(?,?,00000000,?,?,?,?,00000000,?,?), ref: 06DB15B5
                                                                                                                                            • Part of subcall function 06DB14C0: pthread_mutex_unlock.PTHREADVC2(?,?,?,00000000,?,?), ref: 06DB15CC
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(00000030,?,?), ref: 06DB3820
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(00000030), ref: 06DB382D
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                            • Part of subcall function 06DB1380: CloseHandle.KERNEL32(?,00000000), ref: 06DB13BE
                                                                                                                                            • Part of subcall function 06DB1380: pthread_mutex_destroy.PTHREADVC2(?,00000000), ref: 06DB13C5
                                                                                                                                            • Part of subcall function 06DB1380: pthread_mutex_destroy.PTHREADVC2(?,?,00000000), ref: 06DB13CF
                                                                                                                                            • Part of subcall function 06DB1380: CloseHandle.KERNEL32(?,?,?,?,00000000), ref: 06DB13E0
                                                                                                                                          • TlsSetValue.KERNEL32(00000000,00000000), ref: 06DB3859
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_lockpthread_mutex_unlock$CloseHandlepthread_mutex_destroy$ExchangeInterlockedSleepValuepthread_getspecificpthread_mutex_trylock
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 06DB2C30: EnterCriticalSection.KERNEL32(06DB80E0,?,00000000,00000000,06DB2BC4,?,?), ref: 06DB2C38
                                                                                                                                            • Part of subcall function 06DB2C30: LeaveCriticalSection.KERNEL32(06DB80E0,06DB2BC4,?,?), ref: 06DB2C81
                                                                                                                                          • CloseHandle.KERNEL32(?,00000000), ref: 06DB13BE
                                                                                                                                          • pthread_mutex_destroy.PTHREADVC2(?,00000000), ref: 06DB13C5
                                                                                                                                          • pthread_mutex_destroy.PTHREADVC2(?,?,00000000), ref: 06DB13CF
                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,00000000), ref: 06DB13E0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CloseCriticalHandleSectionpthread_mutex_destroy$EnterLeave
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 900476217-0
                                                                                                                                          • Opcode ID: e84800342a155d9355780d2c6fb0cdebe8db135d0d2c25951210acb949ba92bd
                                                                                                                                          • Instruction ID: 7d16e916e779c06a0e29ffc7e9ac81ec3d7f0745664020229d97aa6324dc1fce
                                                                                                                                          • Opcode Fuzzy Hash: e84800342a155d9355780d2c6fb0cdebe8db135d0d2c25951210acb949ba92bd
                                                                                                                                          • Instruction Fuzzy Hash: D4F01272904300DBEB50EB75DD94FABB3ECAF84341F44581DB955D3208EA35E904C6B1
                                                                                                                                          APIs
                                                                                                                                          • pthread_mutex_lock.PTHREADVC2(?), ref: 06DB49BD
                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 06DB49CE
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB49DE
                                                                                                                                            • Part of subcall function 06DB3360: InterlockedExchange.KERNEL32(?,00000000), ref: 06DB3376
                                                                                                                                          • pthread_mutex_unlock.PTHREADVC2(?), ref: 06DB49F0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: pthread_mutex_unlock$ExchangeInterlockedObjectSingleWaitpthread_mutex_lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 330748577-0
                                                                                                                                          • Opcode ID: 726248bda8eaf86105518c2cc9614f9469918a9b2b6acb387db9b6bb0c097791
                                                                                                                                          • Instruction ID: 489f650a6f6b6d2d92a8bbbb1af95a05285e8ca0306b4c1a0cb12d1afc7b92d7
                                                                                                                                          • Opcode Fuzzy Hash: 726248bda8eaf86105518c2cc9614f9469918a9b2b6acb387db9b6bb0c097791
                                                                                                                                          • Instruction Fuzzy Hash: 71F082B7A04201DBCB90DFAAEC8198BB7E8EF95125304143DE65AC7219E730F0559762
                                                                                                                                          APIs
                                                                                                                                          • __getptd.LIBCMT ref: 0731A48B
                                                                                                                                            • Part of subcall function 07317F16: __getptd_noexit.LIBCMT ref: 07317F19
                                                                                                                                            • Part of subcall function 07317F16: __amsg_exit.LIBCMT ref: 07317F26
                                                                                                                                          • __getptd.LIBCMT ref: 0731A4A2
                                                                                                                                          • __amsg_exit.LIBCMT ref: 0731A4B0
                                                                                                                                          • __lock.LIBCMT ref: 0731A4C0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3364405182.0000000007310000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364564894.0000000007320000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364633835.0000000007324000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3364663478.0000000007327000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_7310000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3521780317-0
                                                                                                                                          • Opcode ID: d1de15c442a428623b6418f30167d4794d634932007eea5a4ea997055aa65b73
                                                                                                                                          • Instruction ID: dc55617b795510cf48dab552f671efeb71c571db525cda53b1a84acc03a10bd6
                                                                                                                                          • Opcode Fuzzy Hash: d1de15c442a428623b6418f30167d4794d634932007eea5a4ea997055aa65b73
                                                                                                                                          • Instruction Fuzzy Hash: 43F067F2A42725CBF638FB64840AB5D73A0AB80722F258269D40C97681CF3899018B53
                                                                                                                                          APIs
                                                                                                                                          • _ftell.LIBCMT ref: 069983F3
                                                                                                                                          • _fseek.LIBCMT ref: 06998402
                                                                                                                                          • _ftell.LIBCMT ref: 0699840B
                                                                                                                                            • Part of subcall function 069C3C03: __lock_file.LIBCMT ref: 069C3C3D
                                                                                                                                            • Part of subcall function 069C3C03: __ftell_nolock.LIBCMT ref: 069C3C49
                                                                                                                                          • _fseek.LIBCMT ref: 06998419
                                                                                                                                            • Part of subcall function 069C369F: __lock_file.LIBCMT ref: 069C36EA
                                                                                                                                            • Part of subcall function 069C369F: __fseek_nolock.LIBCMT ref: 069C36FA
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __lock_file_fseek_ftell$__fseek_nolock__ftell_nolock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3902883117-0
                                                                                                                                          • Opcode ID: 7687fc087e05a65295113471030f4dd89efd03ae05c04e4bf95d5d523c7bbdf6
                                                                                                                                          • Instruction ID: 93b46bc1e48536bea89b88b5eb02ba40c8a87a2592405234b49168288fc643d1
                                                                                                                                          • Opcode Fuzzy Hash: 7687fc087e05a65295113471030f4dd89efd03ae05c04e4bf95d5d523c7bbdf6
                                                                                                                                          • Instruction Fuzzy Hash: 3DF0C0B2640B106BD7A0EBA9CD89F1BF7E89FD8A11F11C81DB269CBA40D5B0EC008755
                                                                                                                                          APIs
                                                                                                                                          • __getptd.LIBCMT ref: 069C72CE
                                                                                                                                            • Part of subcall function 069CA1D0: __getptd_noexit.LIBCMT ref: 069CA1D3
                                                                                                                                            • Part of subcall function 069CA1D0: __amsg_exit.LIBCMT ref: 069CA1E0
                                                                                                                                          • __getptd.LIBCMT ref: 069C72E5
                                                                                                                                          • __amsg_exit.LIBCMT ref: 069C72F3
                                                                                                                                          • __lock.LIBCMT ref: 069C7303
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3521780317-0
                                                                                                                                          • Opcode ID: 2b4e507bf41406f895ea826de996bb33bcfa42a9609972dfa9c613ffb8141105
                                                                                                                                          • Instruction ID: 5cd7a37272c5e9acc05265e523d0623cc362c8e51a8d1bd719602ac233363c44
                                                                                                                                          • Opcode Fuzzy Hash: 2b4e507bf41406f895ea826de996bb33bcfa42a9609972dfa9c613ffb8141105
                                                                                                                                          • Instruction Fuzzy Hash: 0EF06732D002189FE7E1FBA89801B5E73A06F80B70F50420D9862AFAC1CB749801EF93
                                                                                                                                          APIs
                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 06DB4549
                                                                                                                                          • OpenProcess.KERNEL32(00000400,00000000,?), ref: 06DB455B
                                                                                                                                          • GetLastError.KERNEL32 ref: 06DB4565
                                                                                                                                          • _errno.MSVCRT ref: 06DB4578
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361402305.0000000006DB0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361483658.0000000006DB6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361523421.0000000006DB8000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361556198.0000000006DB9000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6db0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Process$CurrentErrorLastOpen_errno
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1035239118-0
                                                                                                                                          • Opcode ID: 636ef3d66586597c06426ed87d1231af99265f36dc0dd17609c0213c30a3820d
                                                                                                                                          • Instruction ID: 7906a7a96483ddd669b2c00fb8852cacc208d734de99cdc4c00ebab2b0265106
                                                                                                                                          • Opcode Fuzzy Hash: 636ef3d66586597c06426ed87d1231af99265f36dc0dd17609c0213c30a3820d
                                                                                                                                          • Instruction Fuzzy Hash: 0FE09232D14570CBC6605B7678087963BA9AF00A61B062310FE66E72CCEA209C4185D5
                                                                                                                                          APIs
                                                                                                                                          • _ftell.LIBCMT ref: 069970A9
                                                                                                                                          • _fseek.LIBCMT ref: 069970B8
                                                                                                                                          • _ftell.LIBCMT ref: 069970C1
                                                                                                                                            • Part of subcall function 069C3C03: __lock_file.LIBCMT ref: 069C3C3D
                                                                                                                                            • Part of subcall function 069C3C03: __ftell_nolock.LIBCMT ref: 069C3C49
                                                                                                                                          • _fseek.LIBCMT ref: 069970CF
                                                                                                                                            • Part of subcall function 069C369F: __lock_file.LIBCMT ref: 069C36EA
                                                                                                                                            • Part of subcall function 069C369F: __fseek_nolock.LIBCMT ref: 069C36FA
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3358856966.0000000006990000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359401965.00000000069F5000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359445621.00000000069FC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A14000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359620348.0000000006A21000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A22000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3359720442.0000000006A24000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __lock_file_fseek_ftell$__fseek_nolock__ftell_nolock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3902883117-0
                                                                                                                                          • Opcode ID: 0af2ea4cd606ff8b0ec8b1b5cf17c34b64508c106e73ad76d8e7941e21ac4053
                                                                                                                                          • Instruction ID: 4173bdd78567f209d3b5c74e6a7ec11f65de4e057e43a8a9b3548065beabaa8c
                                                                                                                                          • Opcode Fuzzy Hash: 0af2ea4cd606ff8b0ec8b1b5cf17c34b64508c106e73ad76d8e7941e21ac4053
                                                                                                                                          • Instruction Fuzzy Hash: 79E04F76740B1037D6A0E6A89DC9F0B63DC9BC8B20F00881DB229CBA80D5A0EC004361
                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8160,?,06DB3BD4,?), ref: 06DB38F8
                                                                                                                                          • pthread_rwlock_init.PTHREADVC2(?,00000000), ref: 06DB390B
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB391A
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8160), ref: 06DB3932
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$Leave$Enterpthread_rwlock_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1489824972-0
                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8100,?,06DB245E,?), ref: 06DB1FF8
                                                                                                                                          • pthread_cond_init.PTHREADVC2(00000000,00000000), ref: 06DB200B
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8100), ref: 06DB201A
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8100), ref: 06DB2032
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$Leave$Enterpthread_cond_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3948163319-0
                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(06DB8140,?,06DB4E1A,?), ref: 06DB4C08
                                                                                                                                          • pthread_spin_init.PTHREADVC2(?,00000000), ref: 06DB4C1B
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8140), ref: 06DB4C2A
                                                                                                                                          • LeaveCriticalSection.KERNEL32(06DB8140), ref: 06DB4C42
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361426622.0000000006DB1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 06DB0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$Leave$Enterpthread_spin_init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2251508969-0
                                                                                                                                          APIs
                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 073143AE
                                                                                                                                            • Part of subcall function 073182F0: __FindPESection.LIBCMT ref: 0731834B
                                                                                                                                          • __getptd_noexit.LIBCMT ref: 073143BE
                                                                                                                                          • __freeptd.LIBCMT ref: 073143C8
                                                                                                                                          • ExitThread.KERNEL32 ref: 073143D1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3364461439.0000000007311000.00000020.00000001.01000000.00000012.sdmp, Offset: 07310000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3182216644-0
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 0B2DDBC4: OpenSCManagerW.ADVAPI32(00000000,00000000,00000015), ref: 0B2DDBF1
                                                                                                                                            • Part of subcall function 0B2DDBC4: OpenServiceW.ADVAPI32(00000000,00000000,80000080,00000000,0B2DDC99,?,00000000,00000000,00000015), ref: 0B2DDC22
                                                                                                                                            • Part of subcall function 0B2DDBC4: QueryServiceStatus.ADVAPI32(00000000,0B55EF05,00000000,0B2DDC7B,?,00000000,00000000,80000080,00000000,0B2DDC99,?,00000000,00000000,00000015), ref: 0B2DDC55
                                                                                                                                            • Part of subcall function 0B2DDBC4: CloseServiceHandle.ADVAPI32(00000000,0B2DDC82,0B2DDC7B,?,00000000,00000000,80000080,00000000,0B2DDC99,?,00000000,00000000,00000015), ref: 0B2DDC75
                                                                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000004,00000003,00000000,00000000,00000000), ref: 0B2DFC2C
                                                                                                                                            • Part of subcall function 0B2DCE20: CoCreateInstance.COMBASE(0B55EFDA,00000000,00000005,0B2DCF3C,00000000), ref: 0B2DCE8E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3379869403.000000000B089000.00000040.00001000.00020000.00000000.sdmp, Offset: 0B070000, based on PE: true
                                                                                                                                          Yara matches
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Service$Open$CloseCreateHandleInitializeInstanceManagerQuerySecurityStatus
                                                                                                                                          • String ID: Schedule.Service$schedule
                                                                                                                                          • API String ID: 1526959997-3918893109
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Info
                                                                                                                                          • String ID: $
                                                                                                                                          • API String ID: 1807457897-3032137957
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Info
                                                                                                                                          • String ID: $
                                                                                                                                          • API String ID: 1807457897-3032137957
                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0699FA00
                                                                                                                                            • Part of subcall function 069C3E33: RaiseException.KERNEL32(?,?,069C2685,?,?,?,?,?,069C2685,?,06A06B84,06A1EB6C), ref: 069C3E75
                                                                                                                                          • std::exception::exception.LIBCMT ref: 0699FA5E
                                                                                                                                            • Part of subcall function 069C2B95: _strlen.LIBCMT ref: 069C2BBA
                                                                                                                                            • Part of subcall function 069C2B95: _malloc.LIBCMT ref: 069C2BC3
                                                                                                                                            • Part of subcall function 069C2B95: _strcpy_s.LIBCMT ref: 069C2BD6
                                                                                                                                          Strings
                                                                                                                                          • invalid bitset<N> position, xrefs: 0699F9B5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionException@8RaiseThrow_malloc_strcpy_s_strlenstd::exception::exception
                                                                                                                                          • String ID: invalid bitset<N> position
                                                                                                                                          • API String ID: 3160936874-1955209009
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(?,C0104754), ref: 069927A6
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32
                                                                                                                                          • API String ID: 495049384-3615908411
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: OleAut32
                                                                                                                                          • API String ID: 0-3615908411
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 069C2A53: __getptd.LIBCMT ref: 069C2A59
                                                                                                                                            • Part of subcall function 069C2A53: __getptd.LIBCMT ref: 069C2A69
                                                                                                                                          • __getptd.LIBCMT ref: 069C8B08
                                                                                                                                            • Part of subcall function 069CA1D0: __getptd_noexit.LIBCMT ref: 069CA1D3
                                                                                                                                            • Part of subcall function 069CA1D0: __amsg_exit.LIBCMT ref: 069CA1E0
                                                                                                                                          • __getptd.LIBCMT ref: 069C8B16
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                          • String ID: csm
                                                                                                                                          • API String ID: 803148776-1018135373
                                                                                                                                          APIs
                                                                                                                                          • _sprintf.LIBCMT ref: 069AADF9
                                                                                                                                          • ?ID3_AddGenre@@YAPAVID3_Frame@@PAVID3_Tag@@PBD_N@Z.ID3LIB(?,?,?,?,(%lu),?), ref: 069AAE09
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Frame@@Genre@@Tag@@_sprintf
                                                                                                                                          • String ID: (%lu)
                                                                                                                                          • API String ID: 1749734782-4048087887
                                                                                                                                          APIs
                                                                                                                                          • ?getEnd@CharReader@io@dami@@UAEIXZ.ID3LIB(85557334,85557334), ref: 06992754
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3358912522.0000000006991000.00000040.00000001.01000000.00000017.sdmp, Offset: 06990000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6990000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ?getCharEnd@Reader@io@dami@@
                                                                                                                                          • String ID: OleAut32
                                                                                                                                          • API String ID: 495049384-3615908411
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 06DDB0B0: WaitForSingleObject.KERNEL32(?,000000FF,06DD2BC9,?,?,?,?,?,06DD3056,?,00000000,?,06DD3021,?,?,06DD76A7), ref: 06DDB0B7
                                                                                                                                            • Part of subcall function 06DDB120: SetEvent.KERNEL32(?,06DD3070,?,?), ref: 06DDB127
                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 06DD338F
                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 06DD339C
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 06DD33E0
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 06DD33E3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeave$EventObjectSingleWait
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 497781136-0
                                                                                                                                          • Opcode ID: 29e24ae3c87cbbf0ad5099e3a4e45bea5e5fd140724de40544590ba850463cdf
                                                                                                                                          • Instruction ID: 203f8b455d4e44247febd052382fa862b730c8098cb169ff25ceb9310086854c
                                                                                                                                          • Opcode Fuzzy Hash: 29e24ae3c87cbbf0ad5099e3a4e45bea5e5fd140724de40544590ba850463cdf
                                                                                                                                          • Instruction Fuzzy Hash: A85192B5A00706AFC394EF68CD80A96B7E8FF49344F044629E46983701E735F915CBE1
                                                                                                                                          APIs
                                                                                                                                          • HeapReAlloc.KERNEL32(00000000,00000050,?,00000000,06DC3ECA,?,?,?,06DC345C,?,?,?,?), ref: 06DC412A
                                                                                                                                          • HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,06DC3ECA,?,?,?,06DC345C,?,?,?,?), ref: 06DC415E
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00000000,06DC3ECA,?,?,?,06DC345C,?,?,?,?), ref: 06DC4178
                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,00000000,06DC3ECA,?,?,?,06DC345C,?,?,?,?), ref: 06DC418F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocHeap$FreeVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3499195154-0
                                                                                                                                          • Opcode ID: 97cc206d58ac958d006d57b990b573e85816bde18c02b8bf2e891ef22369ae4a
                                                                                                                                          • Instruction ID: 1b6d8b1bf631f6401186d82af846ea696792ae041a5a01822bfe1368dffe1762
                                                                                                                                          • Opcode Fuzzy Hash: 97cc206d58ac958d006d57b990b573e85816bde18c02b8bf2e891ef22369ae4a
                                                                                                                                          • Instruction Fuzzy Hash: 391158B020020B9FD7308F19E859F22BBB3FB94331B104619F2A6C72E0D7389852DB50
                                                                                                                                          APIs
                                                                                                                                          • HeapReAlloc.KERNEL32(00000000,?,00000000,00000000,06DDCA47,00000000,?,00000000,06DDB32C,?,00000000,?,00000000,00000000,?), ref: 06DDCCA7
                                                                                                                                          • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,06DDCA47,00000000,?,00000000,06DDB32C,?,00000000,?,00000000,00000000,?), ref: 06DDCCDB
                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 06DDCCF5
                                                                                                                                          • HeapFree.KERNEL32(00000000,?), ref: 06DDCD0C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocHeap$FreeVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3499195154-0
                                                                                                                                          • Opcode ID: 617eb340507428b498219fc5685eb21286f3fd4888746097fc314206f9255f44
                                                                                                                                          • Instruction ID: ade735f7472ecdcd28a95dfff03a223e17fbf7f2e0ee6b8ee217e2933714254c
                                                                                                                                          • Opcode Fuzzy Hash: 617eb340507428b498219fc5685eb21286f3fd4888746097fc314206f9255f44
                                                                                                                                          • Instruction Fuzzy Hash: 46113A306002019FD7E1AF59EC45A667BBBFB85754B100A1DF662CA690C3B19942CB60
                                                                                                                                          APIs
                                                                                                                                          • InitializeCriticalSection.KERNEL32(?,06DC4CD4,?,06DC3676), ref: 06DC48DF
                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 06DC48E7
                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 06DC48EF
                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 06DC48F7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361628266.0000000006DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 06DC0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361583894.0000000006DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361695467.0000000006DC8000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361730827.0000000006DCB000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361760959.0000000006DCD000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361801698.0000000006DCF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dc0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalInitializeSection
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 32694325-0
                                                                                                                                          • Opcode ID: 12cb44f74eaeef200da876316830c839ae8965b3fb17c98d86e87a9b20d40af6
                                                                                                                                          • Instruction ID: 9443941a83790338a78a48df7ea450edee5dfe1345ee8f568cbd4cdce6458ec9
                                                                                                                                          • Opcode Fuzzy Hash: 12cb44f74eaeef200da876316830c839ae8965b3fb17c98d86e87a9b20d40af6
                                                                                                                                          • Instruction Fuzzy Hash: 2BC0E93180142F9ACA512B67FF0784E3F27EB462703010063A71453230C62A5811FF80
                                                                                                                                          APIs
                                                                                                                                          • InitializeCriticalSection.KERNEL32(?,06DDE805,?,06DDC1F3), ref: 06DDD45C
                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 06DDD464
                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 06DDD46C
                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 06DDD474
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000003.00000002.3361849390.0000000006DD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 06DD0000, based on PE: true
                                                                                                                                          • Associated: 00000003.00000002.3361827332.0000000006DD0000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361960118.0000000006DE2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3361980942.0000000006DE5000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                          • Associated: 00000003.00000002.3362017883.0000000006DE8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_3_2_6dd0000_CPPlayer.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalInitializeSection
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 32694325-0
                                                                                                                                          • Opcode ID: a4a21b9d57a804e484627c320408fec643b7cacdfe64cd6397459df413c587a3
                                                                                                                                          • Instruction ID: 2fe6c7288536b73e4adb209d4a8782adf4091e404613274d53d905fdffd7efce
                                                                                                                                          • Opcode Fuzzy Hash: a4a21b9d57a804e484627c320408fec643b7cacdfe64cd6397459df413c587a3
                                                                                                                                          • Instruction Fuzzy Hash: 2CC0EA31801128AACA623B67FE0684A3F27EB452FD3010062B3085E2748AA31920EFD1