Edit tour

Windows Analysis Report
setup.msi

Overview

General Information

Sample name:	setup.msi
Analysis ID:	1584512
MD5:	7c1483f7e76fd97ecae77db49c8bc689
SHA1:	5e0bf8b4995aab4bc3f1abb17b673d6656598d67
SHA256:	f371f210de8c0e127feec5e3b9f52592656ec82cabff42dd6c32f38a28fe7e32
Tags:	caliandentistry-comLegionLoadermsiRobotDropperuser-aachum
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

AI detected suspicious sample

Bypasses PowerShell execution policy

Potentially malicious time measurement code found

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Msiexec Initiated Connection

Sigma detected: Suspicious MsiExec Embedding Parent

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected AdvancedInstaller

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 1368 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 4324 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 6112 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 8BAE8D3C6383EE8791BC1BB779B3FCD0 MD5: 9D09DC1EDA745A5F87553048E57620CF)

powershell.exe (PID: 7072 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4956 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

obs-ffmpeg-mux.exe (PID: 1816 cmdline: "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe" MD5: D3CAC4D7B35BACAE314F48C374452D71)

conhost.exe (PID: 2044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

createdump.exe (PID: 744 cmdline: "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe" MD5: 71F796B486C7FAF25B9B16233A7CE0CD)

conhost.exe (PID: 2640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_AdvancedInstaller	Yara detected AdvancedInstaller	Joe Security

Sigma Signatures

System Summary

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 8BAE8D3C6383EE8791BC1BB779B3FCD0, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6112, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7072, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 8BAE8D3C6383EE8791BC1BB779B3FCD0, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6112, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7072, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 8BAE8D3C6383EE8791BC1BB779B3FCD0, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6112, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7072, ProcessName: powershell.exe

Sigma detected: Msiexec Initiated Connection

Source: Network Connection

Author: frack113: Data: DestinationIp: 104.21.32.1, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 6112, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730

Sigma detected: Suspicious MsiExec Embedding Parent

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 8BAE8D3C6383EE8791BC1BB779B3FCD0, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6112, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7072, ProcessName: powershell.exe

Suricata Signatures

ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-05T18:13:16.856398+0100	2829202	1	A Network Trojan was detected	192.168.2.4	49730	104.21.32.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.4% probability

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}

Jump to behavior

Source: unknown

HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49730 version: TLS 1.2

Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000007.00000000.1864085778.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: ucrtbase.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, MSI33F3.tmp.1.dr, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, MSI33F3.tmp.1.dr, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source:	Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source:	Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000A.00000000.1867134959.00007FF7E74D5000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000007.00000000.1864085778.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: ucrtbase.pdbUGP source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source:	Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSIE92.tmp.1.dr, MSIE52.tmp.1.dr, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 6403f4.msi.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 4x nop then push rbx

10_2_00007FFDFB9446C0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.4:49730 -> 104.21.32.1:443

Source: Joe Sandbox View

IP Address: 104.21.32.1 104.21.32.1

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: caliandentistry.com

Source: unknown

HTTP traffic detected: POST /updater.php HTTP/1.1Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: AdvancedInstallerHost: caliandentistry.comContent-Length: 71Cache-Control: no-cache

Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: powershell.exe, 00000003.00000002.1812622404.0000000006DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: powershell.exe, 00000003.00000002.1812904972.0000000006E45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: swresample-4.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0K
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000A.00000002.1870093179.00007FFDF78DB000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr	String found in binary or memory: http://dashif.org/guidelines/trickmode
Source: powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: setup.msi, avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, 6403f4.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: powershell.exe, 00000003.00000002.1809208577.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: http://schemas.micj
Source: powershell.exe, 00000003.00000002.1809208577.0000000004651000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: obs-ffmpeg-mux.exe, 0000000A.00000002.1870093179.00007FFDF78DB000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr	String found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd
Source: powershell.exe, 00000003.00000002.1809208577.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: setup.msi, avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, 6403f4.msi.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: obs-ffmpeg-mux.exe, 0000000A.00000002.1878649695.00007FFDF9AB0000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.videolan.org/x264.html
Source: zlib.dll.1.dr	String found in binary or memory: http://www.zlib.net/D
Source: powershell.exe, 00000003.00000002.1809208577.0000000004651000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lBkq
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: https://aka.ms/winui2/webview2download/Reload():
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: https://caliandentistry.com/updater.phpx
Source: powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000003.00000002.1809208577.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.1809208577.0000000004AAE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://streams.videolan.org/upload/
Source: setup.msi, 6403f4.msi.1.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6403f1.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDD4.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE52.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE92.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEB2.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEF1.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF21.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF51.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2ED1.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI33E3.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI33F3.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6403f4.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6403f4.msi	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIDD4.tmp

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FF7E74D2EE0	10_2_00007FF7E74D2EE0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FF7E74D2A10	10_2_00007FF7E74D2A10
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E2BF0	10_2_00007FFDFB8E2BF0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB90CBE0	10_2_00007FFDFB90CBE0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8F3C00	10_2_00007FFDFB8F3C00
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C1C30	10_2_00007FFDFB8C1C30
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB922B80	10_2_00007FFDFB922B80
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB902B60	10_2_00007FFDFB902B60
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C3B87	10_2_00007FFDFB8C3B87
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB905B00	10_2_00007FFDFB905B00
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8F2B40	10_2_00007FFDFB8F2B40
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CBA70	10_2_00007FFDFB8CBA70
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB96DAA0	10_2_00007FFDFB96DAA0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C9A50	10_2_00007FFDFB8C9A50
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C1990	10_2_00007FFDFB8C1990
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E5980	10_2_00007FFDFB8E5980
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8F09B0	10_2_00007FFDFB8F09B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CD9B0	10_2_00007FFDFB8CD9B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CE9A0	10_2_00007FFDFB8CE9A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C99C0	10_2_00007FFDFB8C99C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8F4920	10_2_00007FFDFB8F4920
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8F28B0	10_2_00007FFDFB8F28B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CB8D0	10_2_00007FFDFB8CB8D0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CD8D0	10_2_00007FFDFB8CD8D0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CD030	10_2_00007FFDFB8CD030
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CB030	10_2_00007FFDFB8CB030
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CDEF0	10_2_00007FFDFB8CDEF0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E2F20	10_2_00007FFDFB8E2F20
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C6E70	10_2_00007FFDFB8C6E70
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8DFDF0	10_2_00007FFDFB8DFDF0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB901E10	10_2_00007FFDFB901E10
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CBE20	10_2_00007FFDFB8CBE20
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8F2D90	10_2_00007FFDFB8F2D90
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CCCE0	10_2_00007FFDFB8CCCE0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E2D20	10_2_00007FFDFB8E2D20
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C9D50	10_2_00007FFDFB8C9D50
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E4C80	10_2_00007FFDFB8E4C80
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB902CC0	10_2_00007FFDFB902CC0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E33E0	10_2_00007FFDFB8E33E0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CB380	10_2_00007FFDFB8CB380
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C13A0	10_2_00007FFDFB8C13A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CC2F0	10_2_00007FFDFB8CC2F0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB904330	10_2_00007FFDFB904330
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB905350	10_2_00007FFDFB905350
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB906350	10_2_00007FFDFB906350
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C7260	10_2_00007FFDFB8C7260
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8EF2C0	10_2_00007FFDFB8EF2C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CD210	10_2_00007FFDFB8CD210
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8F1160	10_2_00007FFDFB8F1160
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CA1B0	10_2_00007FFDFB8CA1B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CC1A0	10_2_00007FFDFB8CC1A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CB150	10_2_00007FFDFB8CB150
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8F30A0	10_2_00007FFDFB8F30A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E87F0	10_2_00007FFDFB8E87F0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB944840	10_2_00007FFDFB944840
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E6820	10_2_00007FFDFB8E6820
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CE820	10_2_00007FFDFB8CE820
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CB790	10_2_00007FFDFB8CB790
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CD700	10_2_00007FFDFB8CD700
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8C1730	10_2_00007FFDFB8C1730
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CB6A0	10_2_00007FFDFB8CB6A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB970640	10_2_00007FFDFB970640
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8EC650	10_2_00007FFDFB8EC650
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB903560	10_2_00007FFDFB903560
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E3580	10_2_00007FFDFB8E3580
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CD5C0	10_2_00007FFDFB8CD5C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CB5C0	10_2_00007FFDFB8CB5C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CA520	10_2_00007FFDFB8CA520
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CB460	10_2_00007FFDFB8CB460
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB9044D0	10_2_00007FFDFB9044D0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8E24D0	10_2_00007FFDFB8E24D0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFDFB8CE4C0	10_2_00007FFDFB8CE4C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFE1A503AA7	10_2_00007FFE1A503AA7
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFE1A504B4A	10_2_00007FFE1A504B4A
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFE1A4F68B0	10_2_00007FFE1A4F68B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFE1A4F8DB0	10_2_00007FFE1A4F8DB0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFE1A527508	10_2_00007FFE1A527508

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: String function: 00007FFDFB8E56C0 appears 288 times
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: String function: 00007FFE1A502038 appears 32 times

Source: avcodec-60.dll.1.dr	Static PE information: Number of sections : 13 > 10
Source: avutil-58.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: swresample-4.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: swscale-7.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: zlib.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: avformat-60.dll.1.dr	Static PE information: Number of sections : 12 > 10

Source: api-ms-win-core-handle-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found

Source: setup.msi	Binary or memory string: OriginalFilenameAICustAct.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameDataUploader.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameucrtbase.dllj% vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamevcruntime140.dllT vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamemsvcp140.dllT vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs setup.msi

Source: classification engine

Classification label: mal68.evad.winMSI@17/88@1/1

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CML3D8F.tmp

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4124:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2640:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6880:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2044:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF7C6BE008681A81A7.TMP

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe""

Source: C:\Windows\SysWOW64\msiexec.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload

Jump to behavior

Source: obs-ffmpeg-mux.exe	String found in binary or memory: #EXT-X-START:
Source: obs-ffmpeg-mux.exe	String found in binary or memory: #EXT-X-START value isinvalid, it will be ignored
Source: obs-ffmpeg-mux.exe	String found in binary or memory: prefer to use #EXT-X-START if it's in playlist instead of live_start_index
Source: obs-ffmpeg-mux.exe	String found in binary or memory: start/stop audio
Source: obs-ffmpeg-mux.exe	String found in binary or memory: start/stop audio

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8BAE8D3C6383EE8791BC1BB779B3FCD0
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe""
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8BAE8D3C6383EE8791BC1BB779B3FCD0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe""	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: obs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: avcodec-60.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: avutil-58.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: avformat-60.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: w32-pthreads.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: swresample-4.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}

Jump to behavior

Source: setup.msi

Static file information: File size 60712448 > 1048576

Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000007.00000000.1864085778.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: ucrtbase.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, MSI33F3.tmp.1.dr, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, MSI33F3.tmp.1.dr, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source:	Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
Source:	Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000A.00000000.1867134959.00007FF7E74D5000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000007.00000000.1864085778.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: ucrtbase.pdbUGP source: setup.msi, 6403f4.msi.1.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source:	Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSIE92.tmp.1.dr, MSIE52.tmp.1.dr, 6403f4.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 6403f4.msi.1.dr

Source: api-ms-win-core-synch-l1-2-0.dll.1.dr

Static PE information: 0x8A188CB0 [Tue Jun 2 13:31:28 2043 UTC]

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 10_2_00007FFDFB8DED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,

10_2_00007FFDFB8DED32

Source: vcruntime140.dll.1.dr	Static PE information: section name: _RDATA
Source: BCUninstaller.exe.1.dr	Static PE information: section name: _RDATA
Source: createdump.exe.1.dr	Static PE information: section name: _RDATA
Source: UnRar.exe.1.dr	Static PE information: section name: _RDATA
Source: avformat-60.dll.1.dr	Static PE information: section name: .xdata
Source: avutil-58.dll.1.dr	Static PE information: section name: .xdata
Source: swresample-4.dll.1.dr	Static PE information: section name: .xdata
Source: swscale-7.dll.1.dr	Static PE information: section name: .xdata
Source: zlib.dll.1.dr	Static PE information: section name: .xdata
Source: avcodec-60.dll.1.dr	Static PE information: section name: .rodata
Source: avcodec-60.dll.1.dr	Static PE information: section name: .xdata
Source: MSI33F3.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIDD4.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIE52.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIE92.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIEB2.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIEF1.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIF21.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIF51.tmp.1.dr	Static PE information: section name: .fptable
Source: MSI2ED1.tmp.1.dr	Static PE information: section name: .fptable

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 3_2_0452BD83 push esp; ret

3_2_0452BD93

Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF51.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI33F3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEB2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\w32-pthreads.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE52.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avutil-58.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swresample-4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDD4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF21.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avformat-60.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\zlib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avcodec-60.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2ED1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swscale-7.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF21.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF51.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI33F3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2ED1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDD4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEB2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE52.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 10_2_00007FFDFB8DB840 FreeLibrary,free,calloc,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExW,_aligned_free,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_errno,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExA,FreeLibrary,free,wcslen,GetModuleFileNameW,_aligned_free,_aligned_free,_aligned_free,wcscpy,LoadLibraryExW,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,GetSystemDirectoryW,GetSystemDirectoryW,GetSystemDirectoryW,wcscpy,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,

10_2_00007FFDFB8DB840

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 10_2_00007FFDFB8F2D90 rdtsc

10_2_00007FFDFB8F2D90

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2500			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1096			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF21.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF51.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI33F3.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIEF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIEB2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE52.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\zlib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI2ED1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIDD4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swscale-7.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe

API coverage: 8.2 %

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2688	Thread sleep count: 2500 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2692	Thread sleep count: 1096 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7092	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2044	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: 6403f4.msi.1.dr	Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
Source: obs-ffmpeg-mux.exe, 0000000A.00000002.1878649695.00007FFDF969A000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Video @
Source: obs-ffmpeg-mux.exe, 0000000A.00000002.1878649695.00007FFDF969A000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 10_2_00007FFDFB8F2D90 Start: 00007FFDFB8F300F End: 00007FFDFB8F2E85

10_2_00007FFDFB8F2D90

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 10_2_00007FFDFB8F2D90 rdtsc

10_2_00007FFDFB8F2D90

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe

Code function: 7_2_00007FF6F82F2ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_00007FF6F82F2ECC

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 10_2_00007FFDFB8DED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,

10_2_00007FFDFB8DED32

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Code function: 7_2_00007FF6F82F2984 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00007FF6F82F2984
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Code function: 7_2_00007FF6F82F3074 SetUnhandledExceptionFilter,	7_2_00007FF6F82F3074
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Code function: 7_2_00007FF6F82F2ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00007FF6F82F2ECC
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FF7E74D3774 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00007FF7E74D3774
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FF7E74D3C5C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00007FF7E74D3C5C
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FF7E74D3E04 SetUnhandledExceptionFilter,	10_2_00007FF7E74D3E04
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFE1A53004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00007FFE1A53004C
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFE1A546CBC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00007FFE1A546CBC
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 10_2_00007FFE1A546710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00007FFE1A546710

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."			Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"			Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss3499.ps1" -propfile "c:\users\user\appdata\local\temp\msi3486.txt" -scriptfile "c:\users\user\appdata\local\temp\scr3497.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr3498.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss3499.ps1" -propfile "c:\users\user\appdata\local\temp\msi3486.txt" -scriptfile "c:\users\user\appdata\local\temp\scr3497.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr3498.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe

Code function: 7_2_00007FF6F82F2DA0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

7_2_00007FF6F82F2DA0

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 10_2_00007FFDFB969720 GetTimeZoneInformation,GetSystemTimeAsFileTime,

10_2_00007FFDFB969720

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Replication Through Removable Media	12 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	21 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scripting	11 Process Injection	1 Disable or Modify Tools	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	1 DLL Side-Loading	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	21 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	11 Peripheral Device Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
setup.msi	5%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-interlocked-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-libraryloader-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-localization-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-memory-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-namedpipe-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processenvironment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-profile-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-rtlsupport-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-string-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-sysinfo-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-timezone-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-util-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-conio-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-convert-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-environment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-filesystem-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avcodec-60.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avformat-60.dll	3%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avutil-58.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swresample-4.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swscale-7.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\w32-pthreads.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\zlib.dll	0%	ReversingLabs
C:\Windows\Installer\MSI2ED1.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI33F3.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIDD4.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIE52.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIE92.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIEB2.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIEF1.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIF21.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIF51.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
http://schemas.micj	0%	Avira URL Cloud	safe
https://caliandentistry.com/updater.phpx	0%	Avira URL Cloud	safe
https://caliandentistry.com/updater.php	0%	Avira URL Cloud	safe
http://dashif.org/guidelines/trickmode	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
caliandentistry.com	104.21.32.1	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://caliandentistry.com/updater.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.micro	powershell.exe, 00000003.00000002.1812622404.0000000006DA0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000003.00000002.1809208577.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://caliandentistry.com/updater.phpx	setup.msi, 6403f4.msi.1.dr	false	Avira URL Cloud: safe	unknown
https://streams.videolan.org/upload/	obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmp	false		high
http://crl.microsoft	powershell.exe, 00000003.00000002.1812904972.0000000006E45000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000003.00000002.1809208577.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zlib.net/D	zlib.dll.1.dr	false		high
https://go.micro	powershell.exe, 00000003.00000002.1809208577.0000000004AAE000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.videolan.org/x264.html	obs-ffmpeg-mux.exe, 0000000A.00000002.1878649695.00007FFDF9AB0000.00000002.00000001.01000000.00000009.sdmp	false		high
https://contoso.com/	powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dashif.org/guidelines/trickmode	obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000A.00000002.1870093179.00007FFDF78DB000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000003.00000002.1811625836.00000000056BA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.micj	setup.msi, 6403f4.msi.1.dr	false	Avira URL Cloud: safe	unknown
http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd	obs-ffmpeg-mux.exe, 0000000A.00000002.1870093179.00007FFDF78DB000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr	false		high
https://aka.ms/pscore6lBkq	powershell.exe, 00000003.00000002.1809208577.0000000004651000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/winui2/webview2download/Reload():	setup.msi, 6403f4.msi.1.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000003.00000002.1809208577.0000000004651000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000003.00000002.1809208577.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.32.1	caliandentistry.com	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1584512
Start date and time:	2025-01-05 18:12:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	setup.msi
Detection:	MAL
Classification:	mal68.evad.winMSI@17/88@1/1
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Successful, ratio: 100% Number of executed functions: 15 Number of non-executed functions: 273
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target obs-ffmpeg-mux.exe, PID 1816 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 7072 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.

Simulations

Behavior and APIs

Time	Type	Description
12:13:17	API Interceptor	7x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.32.1	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	redroomaudio.com/administrator/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Set-up.exe	Get hash	malicious	LummaC	Browse	104.21.21.63
	SET_UP.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Setup.exe	Get hash	malicious	LummaC	Browse	172.67.208.58
	Setup.exe	Get hash	malicious	LummaC	Browse	104.21.90.109
	Full_Setup.exe	Get hash	malicious	LummaC	Browse	172.67.196.191
	momo.spc.elf	Get hash	malicious	Mirai	Browse	1.1.1.1
	momo.ppc.elf	Get hash	malicious	Mirai	Browse	1.1.1.1
	momo.sh4.elf	Get hash	malicious	Mirai	Browse	1.1.1.1
	momo.x86.elf	Get hash	malicious	Mirai	Browse	1.1.1.1
	momo.m68k.elf	Get hash	malicious	Mirai	Browse	1.1.1.1

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	drop1.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.21.32.1
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	104.21.32.1
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	104.21.32.1
	K27Yg4V48M.exe	Get hash	malicious	LummaC	Browse	104.21.32.1
	IH5XqCdf06.exe	Get hash	malicious	LummaC	Browse	104.21.32.1
	Tax_Refund_Claim_2024_Australian_Taxation_Office.js	Get hash	malicious	Remcos	Browse	104.21.32.1
	c2.hta	Get hash	malicious	Remcos	Browse	104.21.32.1
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.21.32.1
	J18zxRjOes.exe	Get hash	malicious	LummaC	Browse	104.21.32.1
	HGwpjJUqhW.exe	Get hash	malicious	GhostRat	Browse	104.21.32.1

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe	Setup.msi	Get hash	malicious	Unknown	Browse
	6a7e35.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	48.252.190.9.zip	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	TrdIE26br9.msi	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe	Setup.msi	Get hash	malicious	Unknown	Browse
	6a7e35.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	48.252.190.9.zip	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	TrdIE26br9.msi	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Config.Msi\6403f3.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	19986
Entropy (8bit):	5.832948164514123
Encrypted:	false
SSDEEP:	384:TLm0OKtN4lfn8htv1W9ccW+WNvCi1E2wTfmezH5xwfMHLkgWtzFCbfZ52AkXYA1x:TLm0OKtN4lfn8htv1W9ccW+WNvCi1E2P
MD5:	7613CA01CDA2D583A67F291EA2019CFA
SHA1:	5421A0C04AA194FB892E92EADF7DFD42A7C65F93
SHA-256:	3BC9E705CD1DEFF8675A1C123DABE3248B6061726E3F3DB11660AAEA796CE021
SHA-512:	982BC88AE9B6D7EB7F8EEB4231704BBABAA0586CBBCD773C521348A21658956FA022D509100BD3CD237F3619709000A181DD4E3FA0A6E9580027A65D730B2859
Malicious:	false
Preview:	...@IXOS.@.....@.a%Z.@.....@.....@.....@.....@.....@......&.{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}..Weisx App..setup.msi.@.....@.....@.....@......icon_24.exe..&.{D05681A8-619D-49FA-B1D9-9A8F2B5CF66C}.....@.....@.....@.....@.......@.....@.....@.......@......Weisx App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{F39C344E-A83E-4760-8DA8-F27602095B4F}&.{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}.@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}&.{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}.@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}&.{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}.@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}&.{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}.@......&.{FDDB96EE-847D-4B25-85B1-65E662CF63A8}&.{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}.@......&.{9608D8ED-8EC6-4540-B232-4A823606F862}&.{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}.@......&.{17B6E8D6-C004-40DB-BB2D-125D7C1CC21E}&.{BA2FC2FA-8AD1-483C

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	5.413197223328133
Encrypted:	false
SSDEEP:	24:3UWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NK3R82r6SVbu:EWSU4y4RQmFoUeWmfmZ9tK8NWR823Vbu
MD5:	4EE98ECBC11472A5F2C270505F6B3879
SHA1:	8522F7DA43966CA85A15553AB079EE3877350FF3
SHA-256:	E2BD932F23DB7A52BE4921DB1C3D25BCDC2E9AA6CEEF34D68596CA2A6D97D454
SHA-512:	D48EDFA575431893A668FED2BC500529D41BF3583C48B8C3080296CAE41F1657B8715A40BFA8565436F31685EC25C0A93903D3E3532426178C9890C16D35BF1D
Malicious:	false
Preview:	@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0p2nwqev.3bl.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vacd1dsv.mvj.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\msi3486.txt

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with no line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	3.0073551160284637
Encrypted:	false
SSDEEP:	3:Q0JUINRYplflrOdlVWNlANf5Yplf955:Q0JB0LJOn03ANqLN
MD5:	7A131AC8F407D08D1649D8B66D73C3B0
SHA1:	D93E1B78B1289FB51E791E524162D69D19753F22
SHA-256:	9ACBF0D3EEF230CC2D5A394CA5657AE42F3E369292DA663E2537A278A811FF5B
SHA-512:	47B6FF38B4DF0845A83F17E0FE889747A478746E1E7F17926A5CCAC1DD39C71D93F05A88E0EC176C1E5D752F85D4BDCFFB5C64125D1BA92ACC91D03D6031848D
Malicious:	true
Preview:	..Q.u.i.t.e.S.e.s. .:.<.-.>.:. . .<.<.:.>.>. .E.x.t.e.n.d.E.x.p.i.r.e. .:.<.-.>.:. .0. .<.<.:.>.>. .

C:\Users\user\AppData\Local\Temp\pss3499.ps1

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6668
Entropy (8bit):	3.5127462716425657
Encrypted:	false
SSDEEP:	96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
MD5:	30C30EF2CB47E35101D13402B5661179
SHA1:	25696B2AAB86A9233F19017539E2DD83B2F75D4E
SHA-256:	53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
SHA-512:	882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
Malicious:	true
Preview:	..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".l.i.n.e.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.L.i.n.e.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\user\AppData\Local\Temp\scr3497.ps1

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	266
Entropy (8bit):	3.500405439723985
Encrypted:	false
SSDEEP:	6:Q1AGYNk79idK3fOlFoulk+KiV64AGIArMTlP1LlG7JidK3falnUOn03AnfGR:Q1F3Kvoq3VFVrMTQNeFUr3ZR
MD5:	A18EA6E053D5061471852A4151A7D4D0
SHA1:	AEA460891F599C4484F04A3BC5ACC62E9D5AD9F7
SHA-256:	C4EF109DD1FEF1A7E4AF385377801EEA0E7936D207EBCEBBE078BAD56FB1F4AB
SHA-512:	7530E2974622BB6649C895C062C151AC7C496CCC0BDAE4EB53C6F29888FA7B1E184026FBB39DDB5D8741378BEE969DD70B34AC7459F3387D92D21DBCFE28DC9A
Malicious:	true
Preview:	..$.s.k.g.i.e.h.g. .=. .A.I._.G.e.t.M.s.i.P.r.o.p.e.r.t.y. .".Q.u.i.t.e.S.e.s.".....$.o.i.g.s.e.i.g.j. .=. .[.u.i.n.t.3.2.].(.$.s.k.g.i.e.h.g. .-.r.e.p.l.a.c.e. .'.t.'.,. .'.'.).....A.I._.S.e.t.M.s.i.P.r.o.p.e.r.t.y. .".E.x.t.e.n.d.E.x.p.i.r.e.". .$.o.i.g.s.e.i.g.j.

C:\Users\user\AppData\Roaming\Microsoft\Installer\{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}\icon_24.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category:	dropped
Size (bytes):	195906
Entropy (8bit):	4.669224805215773
Encrypted:	false
SSDEEP:	1536:k1Z0Ceau0a/r3NLZZOjjDcC7uFFy9Z8YJNs9Z7E9ykl:k1Z0vZXJZYDFufyXbJNCcr
MD5:	E40B08C6FF5F07916B45741B7D0C5E87
SHA1:	94C2357A59BAA3B537993F570CEA03EC51C1917B
SHA-256:	131ABD59B7D4B6177F2815E8CEB0F3DA325CB1074AEFBE99F61A382F1895AF44
SHA-512:	FA8453DD4936F772381E50533CD91DB8857F1A608CEB91F225300FC4E9DE8475EB416A3682D0C85829058570EBB9BBDF18CC650D36FA87E13BC262C827D0C695
Malicious:	false
Preview:	............ .............. .(.......``.... .........HH.... ..T..R"..@@.... .(B...v..00.... ..%...... .... ............... .....R......... .h........PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..yx.e.>\|.Ug?Y.N..d%...6M."....".=......v..f....5}..3.b.h#v..".....b.(...@.}..........8kr...}]\".N.[u.y.g....\|....\|....\|....\|....\|....\|....\|...[..F/......h4..h$...5.....Z.f..J%322...... .p...\HH.l6.a..c.............rC>.8\|..&..;....f.Y.q....a.?.e.x..eY6F....a..DBH...F....@..R.\v.!...QJ[....(...Z.!.@#!d.R..l'!.3..V........s3..\|..\|.`.b..LSS...._A.Q.....@. ...2.o...J)C.a(...B.a.s.B......>N.......PB.O..(.m...t..P.0L...^&..p.g.....<x..g...S......2.L..h4..a.y..#.,..A.I..@)..`.!.!.qv>W...D...Z.R...cLA..Z.\|G)..p.a.J..8..t..9......S.7.EEEZ..Q.I..;.AXJ.Y.0L....0......8Z#.....B,..J...e...p..~???...n..+...)...7.[[[.4.M0.%..{(........jA.m..)...A.x.).+.."....\|E...y.p..q..Y.m....a....CBB.,..0.s/...q.^.@1Q@nvaw.W./..#.p...J.Q.e..B..,;..._.o.Ro.....`...^....ls.!......

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	310928
Entropy (8bit):	6.001677789306043
Encrypted:	false
SSDEEP:	3072:Zczkitvo4BpYN/6mBPry8TXROLdW5m4mURs9OOGC0kvxVCd7wANmSrvlPSIB0P+4:ZA4NCmBPry/N24OOjVxM7RNrrvEc0a
MD5:	147B71C906F421AC77F534821F80A0C6
SHA1:	3381128CA482A62333E20D0293FDA50DC5893323
SHA-256:	7DCD48CEF4CC4C249F39A373A63BBA97C66F4D8AFDBE3BAB196FD452A58290B2
SHA-512:	2FCD2127D9005D66431DD8C9BD5BC60A148D6F3DFE4B80B82672AFD0D148F308377A0C38D55CA58002E5380D412CE18BD0061CB3B12F4DAA90E0174144EA20C8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Setup.msi, Detection: malicious, Browse Filename: 6a7e35.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: 48.252.190.9.zip, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: TrdIE26br9.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8.}\|...\|...\|....../p....../v....../1...u.a.l....../u...\|........./v....../}...Rich\|...........PE..d...i..d..........".................`<.........@..........................................`.................................................t$...........S...`..@........(..............T.......................(.......8............................................text............................... ..`.rdata..............................@..@.data........@......................@....pdata..@....`.......&..............@..@_RDATA...............<..............@..@.rsrc....S.......T...>..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	506008
Entropy (8bit):	6.4284173495366845
Encrypted:	false
SSDEEP:	6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
MD5:	98CCD44353F7BC5BAD1BC6BA9AE0CD68
SHA1:	76A4E5BF8D298800C886D29F85EE629E7726052D
SHA-256:	E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
SHA-512:	D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Setup.msi, Detection: malicious, Browse Filename: 6a7e35.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: 48.252.190.9.zip, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: TrdIE26br9.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g.}............\|.&.....\|.$.J...\|.%.....H}*.....H}./....H}./.....~P.....H}./.....~D.........z...F}./....F}(.....F}./....Rich............PE..d.....@f.........."....!.b.....................@.....................................'....`.................................................\|...........H........4.......(......8...0I..T....................J..(....G..@............................................text....a.......b.................. ..`.rdata...3.......4...f..............@..@.data...............................@....pdata...4.......6..................@..@_RDATA..\...........................@..@.rsrc...H...........................@..@.reloc..8...........................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.596101286914553
Encrypted:	false
SSDEEP:	192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
MD5:	919E653868A3D9F0C9865941573025DF
SHA1:	EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
SHA-256:	2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
SHA-512:	6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......a.....`.........................................`...,............ ...................!..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.640081558424349
Encrypted:	false
SSDEEP:	192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
MD5:	7676560D0E9BC1EE9502D2F920D2892F
SHA1:	4A7A7A99900E41FF8A359CA85949ACD828DDB068
SHA-256:	00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
SHA-512:	F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....y1..........." .........................................................0...........`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.6023398138369505
Encrypted:	false
SSDEEP:	192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
MD5:	AC51E3459E8FCE2A646A6AD4A2E220B9
SHA1:	60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
SHA-256:	77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
SHA-512:	6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0......d.....`.........................................`................ ...................!..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.614262942006268
Encrypted:	false
SSDEEP:	192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
MD5:	B0E0678DDC403EFFC7CDC69AE6D641FB
SHA1:	C1A4CE4DED47740D3518CD1FF9E9CE277D959335
SHA-256:	45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
SHA-512:	2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.654155040985372
Encrypted:	false
SSDEEP:	192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
MD5:	94788729C9E7B9C888F4E323A27AB548
SHA1:	B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
SHA-256:	ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
SHA-512:	AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0......~.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15304
Entropy (8bit):	6.548897063441128
Encrypted:	false
SSDEEP:	192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
MD5:	580D9EA2308FC2D2D2054A79EA63227C
SHA1:	04B3F21CBBA6D59A61CD839AE3192EA111856F65
SHA-256:	7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
SHA-512:	97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@............`.........................................`................0...................!..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.622041192039296
Encrypted:	false
SSDEEP:	192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
MD5:	35BC1F1C6FBCCEC7EB8819178EF67664
SHA1:	BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
SHA-256:	7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
SHA-512:	9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......./....`.........................................`...L............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.730719514840594
Encrypted:	false
SSDEEP:	192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
MD5:	3BF4406DE02AA148F460E5D709F4F67D
SHA1:	89B28107C39BB216DA00507FFD8ADB7838D883F6
SHA-256:	349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
SHA-512:	5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.626458901834476
Encrypted:	false
SSDEEP:	192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
MD5:	BBAFA10627AF6DFAE5ED6E4AEAE57B2A
SHA1:	3094832B393416F212DB9107ADD80A6E93A37947
SHA-256:	C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
SHA-512:	D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-heap-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.577869728469469
Encrypted:	false
SSDEEP:	192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
MD5:	3A4B6B36470BAD66621542F6D0D153AB
SHA1:	5005454BA8E13BAC64189C7A8416ECC1E3834DC6
SHA-256:	2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
SHA-512:	84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......M.....`.........................................`................ ...................!..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-interlocked-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.6496318655699795
Encrypted:	false
SSDEEP:	192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
MD5:	A038716D7BBD490378B26642C0C18E94
SHA1:	29CD67219B65339B637A1716A78221915CEB4370
SHA-256:	B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
SHA-512:	43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0......-.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-libraryloader-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12736
Entropy (8bit):	6.587452239016064
Encrypted:	false
SSDEEP:	192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
MD5:	D75144FCB3897425A855A270331E38C9
SHA1:	132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
SHA-256:	08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
SHA-512:	295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0......V`....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-localization-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14280
Entropy (8bit):	6.658205945107734
Encrypted:	false
SSDEEP:	384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
MD5:	8ACB83D102DABD9A5017A94239A2B0C6
SHA1:	9B43A40A7B498E02F96107E1524FE2F4112D36AE
SHA-256:	059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
SHA-512:	B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......._....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-memory-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.621310788423453
Encrypted:	false
SSDEEP:	96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
MD5:	808F1CB8F155E871A33D85510A360E9E
SHA1:	C6251ABFF887789F1F4FC6B9D85705788379D149
SHA-256:	DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
SHA-512:	441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0............`.........................................`...l............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-namedpipe-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.7263193693903345
Encrypted:	false
SSDEEP:	192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
MD5:	CFF476BB11CC50C41D8D3BF5183D07EC
SHA1:	71E0036364FD49E3E535093E665F15E05A3BDE8F
SHA-256:	B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
SHA-512:	7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......[.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processenvironment-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.601327134572443
Encrypted:	false
SSDEEP:	192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
MD5:	F43286B695326FC0C20704F0EEBFDEA6
SHA1:	3E0189D2A1968D7F54E721B1C8949487EF11B871
SHA-256:	AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
SHA-512:	6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......Z....`.........................................`...H............ ...................!..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14272
Entropy (8bit):	6.519411559704781
Encrypted:	false
SSDEEP:	192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
MD5:	E173F3AB46096482C4361378F6DCB261
SHA1:	7922932D87D3E32CE708F071C02FB86D33562530
SHA-256:	C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
SHA-512:	3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0......%C....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-1.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.659079053710614
Encrypted:	false
SSDEEP:	192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
MD5:	9C9B50B204FCB84265810EF1F3C5D70A
SHA1:	0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
SHA-256:	25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
SHA-512:	EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......6y....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-profile-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11200
Entropy (8bit):	6.7627840671368835
Encrypted:	false
SSDEEP:	192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
MD5:	0233F97324AAAA048F705D999244BC71
SHA1:	5427D57D0354A103D4BB8B655C31E3189192FC6A
SHA-256:	42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
SHA-512:	8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0.......>....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-rtlsupport-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.590253878523919
Encrypted:	false
SSDEEP:	192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
MD5:	E1BA66696901CF9B456559861F92786E
SHA1:	D28266C7EDE971DC875360EB1F5EA8571693603E
SHA-256:	02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
SHA-512:	08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0.......S....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-string-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.672720452347989
Encrypted:	false
SSDEEP:	192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
MD5:	7A15B909B6B11A3BE6458604B2FF6F5E
SHA1:	0FEB824D22B6BEEB97BCE58225688CB84AC809C7
SHA-256:	9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
SHA-512:	D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......g....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13760
Entropy (8bit):	6.575688560984027
Encrypted:	false
SSDEEP:	192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
MD5:	6C3FCD71A6A1A39EAB3E5C2FD72172CD
SHA1:	15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
SHA-256:	A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
SHA-512:	EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0............`.........................................`...X............ ...................!..............T............................................................................rdata..\|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.70261983917014
Encrypted:	false
SSDEEP:	192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
MD5:	D175430EFF058838CEE2E334951F6C9C
SHA1:	7F17FBDCEF12042D215828C1D6675E483A4C62B1
SHA-256:	1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
SHA-512:	6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......G.....`.........................................`...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-sysinfo-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.599515320379107
Encrypted:	false
SSDEEP:	192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
MD5:	9D43B5E3C7C529425EDF1183511C29E4
SHA1:	07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
SHA-256:	19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
SHA-512:	C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r............" .........................................................0............`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-timezone-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.690164913578267
Encrypted:	false
SSDEEP:	192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
MD5:	43E1AE2E432EB99AA4427BB68F8826BB
SHA1:	EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
SHA-256:	3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
SHA-512:	40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Y$..........." .........................................................0.......d....`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-util-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.615761482304143
Encrypted:	false
SSDEEP:	192:dZ89WYhWFWWFYg7VWQ4eW5QLyFqnajziMOci:dZ89WYhWDnolniMOP
MD5:	735636096B86B761DA49EF26A1C7F779
SHA1:	E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
SHA-256:	5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
SHA-512:	3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......Xc....`.........................................`...<............ ...................!..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-conio-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.627282858694643
Encrypted:	false
SSDEEP:	192:R0WYhWRWWFYg7VWQ4eWLeNxUUtpwBqnajrmaaG:R0WYhWPzjqlQG
MD5:	031DC390780AC08F498E82A5604EF1EB
SHA1:	CF23D59674286D3DC7A3B10CD8689490F583F15F
SHA-256:	B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
SHA-512:	1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..../}..........." .........................................................0......a.....`.........................................0................ ...................!..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-convert-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15816
Entropy (8bit):	6.435326465651674
Encrypted:	false
SSDEEP:	192:JM0wd8dc9cydWYhWyWWFYg7VWQ4eW9jTXfH098uXqnajH/VCf:G0wd8xydWYhWi2bXuXlTV2
MD5:	285DCD72D73559678CFD3ED39F81DDAD
SHA1:	DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
SHA-256:	6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
SHA-512:	84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...x............." .........................................................@.......5....`.........................................0................0...................!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-environment-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.5874576656353145
Encrypted:	false
SSDEEP:	192:6KNMWYhW6WWFYg7VWQ4eWSA5lJSdqnajeMh3:6KNMWYhWKiKdlaW
MD5:	5CCE7A5ED4C2EBAF9243B324F6618C0E
SHA1:	FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
SHA-256:	AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
SHA-512:	FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...g P..........." .........................................................0............`.........................................0..."............ ...................!..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-filesystem-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13768
Entropy (8bit):	6.645869978118917
Encrypted:	false
SSDEEP:	192:CGnWlC0i5ClWYhWwWWFYg7VWQ4eWtOUtpwBqnajrmaaGN4P:9nWm5ClWYhWQ8qlQGN6
MD5:	41FBBB054AF69F0141E8FC7480D7F122
SHA1:	3613A572B462845D6478A92A94769885DA0843AF
SHA-256:	974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
SHA-512:	97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r..x.........." .........................................................0.......(....`.........................................0................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avcodec-60.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	37333152
Entropy (8bit):	6.632921864082428
Encrypted:	false
SSDEEP:	393216:LzyCmQCOCLheXbl4MEf+Eidgrpj3xO6FLzq2KHplhrX5:L5WLheXbl4MEf+HgrpjVF6PD5
MD5:	32F56F3E644C4AC8C258022C93E62765
SHA1:	06DFF5904EBBF69551DFA9F92E6CC2FFA9679BA1
SHA-256:	85AF2FB4836145098423E08218AC381110A6519CB559FF6FC7648BA310704315
SHA-512:	CAE2B9E40FF71DDAF76A346C20028867439B5726A16AE1AD5E38E804253DFCF6ED0741095A619D0999728D953F2C375329E86B8DE4A0FCE55A8CDC13946D5AD8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........(........&"...&............P........................................P.......3:...`... ......................................`...........A.....p.......t...X.9.H'.......M..............................(......................P............................text...............................`..`.rodata.0........................... ..`.data...............................@....rdata....X......X.................@..@.pdata..t...........................@..@.xdata..`...........................@..@.bss...................................edata.......`.......\|..............@..@.idata...A.......B..................@....CRT....`..........................@....tls...............................@....rsrc...p..........................@....reloc...M.......N..................@..B........................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avformat-60.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	5100112
Entropy (8bit):	6.374242928276845
Encrypted:	false
SSDEEP:	49152:WBUp8DPNkkup6GAx9HEekwEfG/66xcPiw+UgAnBM+sVf9d3PWKOyz/Omlc69kXOV:WB/Z16w8idUgfT0b6LnBSpytGyodUl
MD5:	01589E66D46ABCD9ACB739DA4B542CE4
SHA1:	6BF1BD142DF68FA39EF26E2CAE82450FED03ECB6
SHA-256:	9BB4A5F453DA85ACD26C35969C049592A71A7EF3060BFA4EB698361F2EDB37A3
SHA-512:	0527AF5C1E7A5017E223B3CC0343ED5D42EC236D53ECA30D6DECCEB2945AF0C1FBF8C7CE367E87BC10FCD54A77F5801A0D4112F783C3B7E829B2F40897AF8379
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........D..,....&"...&.R4...D.....P.........................................E.....r}N...`... .......................................D.0-....D.hX...PE.......?.......M.H'...`E..e............................>.(.....................D.`............................text....P4......R4.................`..`.data....3...p4..4...V4.............@....rdata...&....4..(....4.............@..@.pdata........?.......?.............@..@.xdata..8{....A..\|...TA.............@..@.bss..........D..........................edata..0-....D.......C.............@..@.idata..hX....D..Z....C.............@....CRT....`....0E......XD.............@....tls.........@E......ZD.............@....rsrc........PE......\D.............@....reloc...e...`E..f...`D.............@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avutil-58.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1089600
Entropy (8bit):	6.535744457220272
Encrypted:	false
SSDEEP:	24576:NFUq9wHzADwiB0Bm3k6gz0sA+wLDZyoFNRsKYw:TUdMDwIgm3kpzsNpyoFDsKYw
MD5:	3AAF57892F2D66F4A4F0575C6194F0F8
SHA1:	D65C9143603940EDE756D7363AB6750F6B45AB4E
SHA-256:	9E0D0A05B798DA5D6C38D858CE1AD855C6D68BA2F9822FA3DA16E148E97F9926
SHA-512:	A5F595D9C48B8D5191149D59896694C6DD0E9E1AF782366162D7E3C90C75B2914F6E7AFF384F4B59CA7C5A1ECCCDBF5758E90A6A2B14A8625858A599DCCA429B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........f..X.....&"...&.2...b......P......................................... ......?....`... ......................................0 .xC.... ....... .h.......@>...x..H'.... ............................. Z..(..................... .P............................text....1.......2..................`..`.data........P.......6..............@....rdata...,...`.......8..............@..@.pdata..@>.......@...f..............@..@.xdata...K.......L..................@..@.bss......... ...........................edata..xC...0 ..D..................@..@.idata........ ......6..............@....CRT....`..... ......N..............@....tls.......... ......P..............@....rsrc...h..... ......R..............@....reloc........ ......V..............@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	57488
Entropy (8bit):	6.382541157520703
Encrypted:	false
SSDEEP:	768:eQ6XULhGj8TzwsoeZwVAsuEIBh8v6H3eQdFyN+yghK3m5rR8vSoQuSd:ECVbTGkiE/c+XA3g2L7S
MD5:	71F796B486C7FAF25B9B16233A7CE0CD
SHA1:	21FFC41E62CD5F2EFCC94BAF71BD2659B76D28D3
SHA-256:	B2ACB555E6D5C6933A53E74581FD68D523A60BCD6BD53E4A12D9401579284FFD
SHA-512:	A82EA6FC7E7096C10763F2D821081F1B1AFFA391684B8B47B5071640C8A4772F555B953445664C89A7DFDB528C5D91A9ADDB5D73F4F5E7509C6D58697ED68432
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l............uU.....x.....x.....x....{...........ox....ox9....ox....Rich...........................PE..d......d.........."......f...N......p).........@....................................2.....`.....................................................................P........(......d.......T...............................8............................................text....e.......f.................. ..`.rdata...6.......8...j..............@..@.data...............................@....pdata..P...........................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..d...........................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\iwhgjds.rar

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	RAR archive data, v5
Category:	dropped
Size (bytes):	410590
Entropy (8bit):	7.999547756232906
Encrypted:	true
SSDEEP:	12288:3l0fYbqzpDHgtV9Tl9xuI6PDPEpSiGzsnX:3l0QW1TO9/WzEMdKX
MD5:	0B33355D156BFFEC45D5E5EA70BCD00A
SHA1:	EFF5144734606C666BDC347B6974F626A4228DC1
SHA-256:	C436228E77A9C12315A5E4E1CE8FDA264D2A9F5BFDA4E2E4EFA1F2808FF97147
SHA-512:	390946DAC4AA6ED5479E735F804798BADA1B1E549687DF08B1258103811B3EE7E91EC00CC919079ED8AD016AC67C85AE4EBF7169ADC4E77BF9F943054FFF1A3F
Malicious:	false
Preview:	Rar!.....n..!......n__.....8...<.XY..9_b&.u.. .I..,.C....b~.~..tP...d....'.m....c..]..(..\|r.gD.a\h^.B.......x...A^=.q.f_q$..l... F\h...\7.....!..M\|$.a..z...l(A..M.j.H.n...y......&a...<...\|.&.6.."..@3.R...`..y.i...7..d.............1...G.DT..;].[.$.GCo2/...e.......M..d..E..E$..v.8.(..........d<kN.R^..mF....H..I..C......S..Kx.m.8..vX.5.M.y....I..G.S...x-..L..SZx.....QXR.1.}.u.\|..7...=......$.`H...,...9Py..........P..O.......i..g..lL.l..J.f.b}X....CTo.<....y...d..@...]..>...^..........zq5....d8.....3.d......z..].`~.-.zX.8U'.......V6[2...B..'.Uk..."....;.7.!..4zB-..^......@......3...z.......f....^;z?.o./V..?.p<................P...Q....d.#.8.$..Il.2]6...I...g.....a!.e..........o.0.[)."G. .........AuI..b..4...Z.W4T..T..f.a..].^B...h....q..O......i^...&.y..........\|..g;...g..)'.}3...mk...j.._.!{V;..R..#...r........!!....^.X..z..Zl:\..XQ....O~..m.f%..k.%.:@m....7.n......d_.MK..<.{.E..!...6\|. <.........I=..}oR.2D..2....!..M..h.)..

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\msvcp140.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	566704
Entropy (8bit):	6.494428734965787
Encrypted:	false
SSDEEP:	12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
MD5:	6DA7F4530EDB350CF9D967D969CCECF8
SHA1:	3E2681EA91F60A7A9EF2407399D13C1CA6AA71E9
SHA-256:	9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA
SHA-512:	1F77F900215A4966F7F4E5D23B4AAAD203136CB8561F4E36F03F13659FE1FF4B81CAA75FEF557C890E108F28F0484AD2BAA825559114C0DAA588CF1DE6C1AFAB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y...................Z.........O.....O.....O.....O.....O.....O.6....O.....Rich...........................PE..d...%\|.a.........." .....<...\.......)...................................................`A.........................................5..h...(...,............p...9...~...'......0.......T...............................8............P...............................text....;.......<.................. ..`.rdata..j....P.......@..............@..@.data...`:...0......................@....pdata...9...p...:...6..............@..@.rsrc................p..............@..@.reloc..0............t..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35656
Entropy (8bit):	6.370522595411868
Encrypted:	false
SSDEEP:	768:ixmeWkfdHAWcgj7Y7rEabyLcRwEpYinAMx1nyqaJ:pXUdg8jU7r4LcRZ7Hx1nyqa
MD5:	D3CAC4D7B35BACAE314F48C374452D71
SHA1:	95D2980786BC36FEC50733B9843FDE9EAB081918
SHA-256:	4233600651FB45B9E50D2EC8B98B9A76F268893B789A425B4159675B74F802AA
SHA-512:	21C8D73CC001EF566C1F3C7924324E553A6DCA68764ECB11C115846CA54E74BD1DFED12A65AF28D9B00DDABA04F987088AA30E91B96E050E4FC1A256FFF20880
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........D..D..D..M.3.J......F......W......N......G......F..D..l......A..D.........E...._.E......E..RichD..................PE..d................"....#.2...4......`7.........@..........................................`..................................................b..,....................d..H'......<....Z..p...........................`Y..@............P...............................text....1.......2.................. ..`.rdata..H"...P...$...6..............@..@.data...H............Z..............@....pdata...............\..............@..@.rsrc................`..............@..@.reloc..<............b..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.879664004902594
Encrypted:	false
SSDEEP:	3:mKDDlR+7H6U:hOD6U
MD5:	D9324699E54DC12B3B207C7433E1711C
SHA1:	864EB0A68C2979DCFF624118C9C0618FF76FA76C
SHA-256:	EDFACD2D5328E4FFF172E0C21A54CC90BAF97477931B47B0A528BFE363EF7C7E
SHA-512:	E8CC55B04A744A71157FCCA040B8365473C1165B3446E00C61AD697427221BE11271144F93F853F22906D0FEB61BC49ADFE9CBA0A1F3B3905E7AD6BD57655EB8
Malicious:	false
Preview:	@echo off..Start "" %1

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swresample-4.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	158968
Entropy (8bit):	6.4238235663554955
Encrypted:	false
SSDEEP:	1536:izN/1rbQ+rTccg/Lla75jjVBzYCDNzuDQr5whduOd7EKPuh9Aco6uAGUtQFUzcnX:8N/FQ+rejlaFhdrXORhjD6VGUtQWk
MD5:	7FB892E2AC9FF6981B6411FF1F932556
SHA1:	861B6A1E59D4CD0816F4FEC6FD4E31FDE8536C81
SHA-256:	A45A29AECB118FC1A27ECA103EAD50EDD5343F85365D1E27211FE3903643C623
SHA-512:	986672FBB14F3D61FFF0924801AAB3E9D6854BB3141B95EE708BF5B80F8552D5E0D57182226BABA0AE8995A6A6F613864AB0E5F26C4DCE4EB88AB82B060BDAC5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........O.....&"...&.h..........P.....................................................`... ...................................... .......0..T....`..........X....E..H'...p..................................(...................02...............................text....f.......h..................`..`.data................l..............@....rdata...Q.......R...n..............@..@.pdata..X...........................@..@.xdata..............................@..@.bss.....................................edata....... ......................@..@.idata..T....0......................@....CRT....X....@......................@....tls.........P......................@....rsrc........`......................@....reloc.......p......................@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swscale-7.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	707200
Entropy (8bit):	6.610520126248797
Encrypted:	false
SSDEEP:	12288:hTl8xt5jEuhuoWZz8Rt5brZcXVEZMbYwepVQ0G6ddTD8qevJMLf50555555555mj:hZ8xt5jEuhuoWZz8Rt5brZcXVEZMbYJz
MD5:	1144E36E0F8F739DB55A7CF9D4E21E1B
SHA1:	9FA49645C0E3BAE0EDD44726138D7C72EECE06DD
SHA-256:	65F8E4D76067C11F183C0E1670972D81E878E6208E501475DE514BC4ED8638FD
SHA-512:	A82290D95247A67C4D06E5B120415318A0524D00B9149DDDD8B32E21BBD0EE4D86BB397778C4F137BF60DDD4167EE2E9C6490B3018031053E9FE3C0D0B3250E7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........-.....&"...&............P.....................................................`... ......................................P.......`..........x....P......8...H'......................................(....................c..`............................text...(...........................`..`.data...............................@....rdata...s.......t..................@..@.pdata.......P...0...&..............@..@.xdata...9.......:...V..............@..@.bss.....................................edata.......P......................@..@.idata.......`......................@....CRT....`....p......................@....tls................................@....rsrc...x...........................@....reloc..............................@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\classes.jsa

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	12124160
Entropy (8bit):	4.1175508751036585
Encrypted:	false
SSDEEP:	49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
MD5:	8A13CBE402E0BBF3DA56315F0EBA7F8E
SHA1:	EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
SHA-256:	7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
SHA-512:	46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
Malicious:	false
Preview:	.................*.\.....................................+................................Ol.....................................">.............................d..3......................A.......@...... t.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................(#......(............... ................Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925....................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\java.datatransfer.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	51389
Entropy (8bit):	7.916683616123071
Encrypted:	false
SSDEEP:	768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
MD5:	8F4C0388762CD566EAE3261FF8E55D14
SHA1:	B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
SHA-256:	AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
SHA-512:	1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classeP.N.0..../.$...pAM.D.p..!!..X...m.d'.....P7...biw..Y.?._...pM.m..X.q..2.D8o...o.0.J.s...,...".'..>..F..r..M..G.L......!.je.BG....:v.;..a@...Y...3..?.Y....\.m.).CBwn......'.N..+G+^#.j...R.A..qV.1o...p.....\|._.-N$.!.;X....\|....G......qi.W{PK...^0.........PK.........n/Q............-...classes/java/awt/datatransfer/Clipboard.class.X.w.W....c...-.Ii...#.P..........@(`.......3.....R...........<....h..W.z......=.=~....l..DN..............;y.@7..#....2.P.._.WR.b.Km..f......9w1T...A.....d..b.r.Ie.Gq,..U+.kcC.be..eTe......K3.usU.2...Pe.4T.aYz....>!..q..3.dL.Q..fh/#..P.t.;.f,.."..7..v.(..K7}.2nZ;.Mg..OuzU..c.....!wR.xz....7...tG..d.ED..3...fs.{n\...x...r.!.#X.6.Ke.v........1n.P......#..P...J....)^.dt....k...k...F5...e$.d...=~Do.t.2....KX....B.#Ha..U2n.j...+fh&....&.zk,.....>...aQ......kj...:.h.Q.uTv.B ......N......r'..x..D.4.`k 76fZ....fG..#.....7.4.:w..6....#...x..>lfh.B'.....'l..V.....5..H..

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\java.instrument.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	41127
Entropy (8bit):	7.961466748192397
Encrypted:	false
SSDEEP:	768:L0xH2Z5C7/c8GqFsHWShYYptTpmPSB4gTQSq4Yz1jHoAsbjX:wxH66/crqiH3tTVTsSVYz1jIAsfX
MD5:	D039093C051B1D555C8F9B245B3D7FA0
SHA1:	C81B0DAEDAB28354DEA0634B9AE9E10EE72C4313
SHA-256:	4A495FC5D119724F7D40699BB5D2B298B0B87199D09129AEC88BBBDBC279A68D
SHA-512:	334FD85ACE22C90F8D4F82886EEF1E6583184369A031DCEE6E0B6624291F231D406A2CEC86397C1B94D535B36A5CF7CB632BB9149B8518B794CBFA1D18A2478F
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classU.M..0..../..........LL...A.$.t.\x..e,U.N.N..7o.....=B+..,.@..:.`.....`....L.,.".B.M......:...._..uBGf.5.M..g..."..8K\..B.".z..\|=6.=1.KB..v,.yJ0/......[.r..OU`....Q}...kP.94oh...b..K{...].'PK........#...PK.........n/Q............2...classes/java/lang/instrument/ClassDefinition.class.SMo.@.}.8q.4M.@.h..b;... ..d.RP$.c...#g...#@.....@.G..........7o.......@.-..J.T.eT..'.......tt.=.P9.C_t.J.5... ...Y...z\|.(..TE...e.....(.......v?pg....<...I.1.:....H.U...1.)..p...P.......\|...04..Q..2...%..8~.......#..p"...n..<.Uq..=..:.c..1.2...x.o.w..#....^?q.I..:..Y...6...N..c..>2.k.U...L..&V.H...%....y...[.~GJ...B/M......%...t....+.I.E....H..}....m..j_..8C...:.n...(*..z..Z.Q...$....a.}..T.xW.$....52...T.o..mSL_~.L.FM....W.z.I.]....)..e.....A..$..xH...Td...0i..."...0X....PK..X..~........PK.........n/Q............7...classes/java/lang/instrument/ClassFileTransformer.class.S.n.@.=.8.M.n..b^-/..G..

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\java.logging.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	113725
Entropy (8bit):	7.928841651831531
Encrypted:	false
SSDEEP:	3072:6jB5A+VPT8IdtpHAUfEzhLpIrxbt2rlnH6:6ZRTPHgU2pItshH6
MD5:	3A03EF8F05A2D0472AE865D9457DAB32
SHA1:	7204170A08115A16A50D5A06C3DE7B0ADB6113B1
SHA-256:	584D15427F5B0AC0CE4BE4CAA2B3FC25030A0CF292F890C6D3F35836BC97FA6D
SHA-512:	1702C6231DAAB27700160B271C3D6171387F89DA0A97A3725B4B9D404C94713CB09BA175DE8E78A8F0CBD8DD0DD73836A38C59CE8D1BD38B4F57771CF9536E77
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classuQ.N.1.=W......n\1.D.5$&....T...2%....\..~..3(......9.6...o....%..:L...x.=..p..L.......".Gm........Z9.R+...}x..$.Y,,..-..z..{.v.K..:9m[.dl....Q#t..F$:5c..h..^x".8 \N..A!....O....@.0.Z....p]......0_(.mB...=.J..<.k"4....g<......M$,....:Kz\|..^.........8q..{...}.G....p.S.W...l.M.....PK..R...).......PK.........n/Q................classes/java/util/logging/ConsoleHandler.class}S[o.A...KW..jk.....jy...K.b.R.mH\|.......2.K....h...G..,..K...s..r......7....d.u....C...y3..j..2...1..!wx..2T:.T...b.^..`.D[...0....n.cXy#C..e...=.E.....]..%L..<x.....W........z..u.s..a.e..Zq..-.E@n.!..)....F...\.E...<...[.;W..t.i%.mT".w.x..(.m,...r.....tZ..vPepFI_...D..b..0.U...S;....XP.@..C.#Cq..}aNy_..ZG...q#m<;..g2b.]"..Y.....[7."+..#"wOtb..-..."..@..(.>Y0......C.h...?.~..8A.Mp.....N....Z$ .E...."o.E.uz3;..m.P.z.....7...?.'.q>...2mN.gLv...q1..[}..@~..M.....K..sS.....PK....0w........PK.........n/Q............,...classes/ja

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\java.management.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	896846
Entropy (8bit):	7.923431656723031
Encrypted:	false
SSDEEP:	12288:3xz+ej0yUGnip25kAyyrAm0G4hcpbLIWFWb4YNlgWUz4u5cnLXlAVz/Q+9Ec8zCU:3cZpcryy8mp4hpSxWUQuV//yDXX
MD5:	C6FBB7D49CAA027010C2A817D80CA77C
SHA1:	4191E275E1154271ABF1E54E85A4FF94F59E7223
SHA-256:	1C8D9EFAEB087AA474AD8416C3C2E0E415B311D43BCCA3B67CBF729065065F09
SHA-512:	FDDC31FA97AF16470EA2F93E3EF206FFB217E4ED8A5C379D69C512652987E345CB977DB84EDA233B190181C6E6E65C173062A93DB3E6BB9EE7E71472C9BBFE34
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.class.S.N.A.=-.............^PQP4F..\|..]{.........S\|...(cu/..i.d.z...[....'.M\|`.M.GrI.).1.4...8...V.b.EE.Rg...zV.K......Os.W.S?.e.GY.Q`.od..d..Zf....2>.B.29.D.3L7...M&....8.;..2...}..n..n.g...S. ?..._V..Q..9mBo0L..~dD.t.c.ric..2r5qLvr..V....Sm..I}.}.a..Od$2e..M.v.m..w....L..s.C.;...#.f..Ln.......5..9.2....5......P......M.$V.\|;...'mw.Vl.2....D..1%.l.a..o...O....!.......h...9V.L.x..?..n]/.6......iVe..{.4.K..s.[....y..\|2....3,`.a.....H69.a.;09.5K.C....a_.G.`Jm...ER......9I.D.n...Wp........%..WI...tf..pg5..SN.8y..Y'.:9....U.pq.....}.]X..aE....^t..x.l...^....m.#.......a."r.l.2..Lf).y.^.h..u....PK....N.i.......PK.........n/Q............0...classes/com/sun/jmx/defaults/JmxProperties.class.UMS#U.=.aH.4.4.....J2...h..6v.L2q.......tS.)F........\.....Y..h2...*...{.......w..8Ha.....p.C.c..C;..^+S...F.0..xNt....J5.$.b.og..9l.g....Q..k......"..I....b....-..^.n..<x..4.$pY.(..,\~.F..0...Z<`X[...(p...u^.

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	639224
Entropy (8bit):	6.219852228773659
Encrypted:	false
SSDEEP:	12288:FgLcjQQPKZZK8aF4yBj3Fnx4DMDO8jalo:FggjQKuyDnxvOYaC
MD5:	01DACEA3CBE5F2557D0816FC64FAE363
SHA1:	566064A9CB1E33DB10681189A45B105CDD504FD4
SHA-256:	B4C96B1E5EEE34871D9AB43BCEE8096089742032C0669DF3C9234941AAC3D502
SHA-512:	C22BFE54894C26C0BD8A99848B33E1B9A9859B3C0C893CB6039F9486562C98AA4CEAB0D28C98C1038BD62160E03961A255B6F8627A7B2BB51B86CC7D6CBA9151
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*...D..D..D.....D.1J...D...@..D...G..D...A..D...E..D..E..D...E..D..E.O.D...A..D...D..D......D.....D...F..D.Rich..D.........PE..d.....-a.........." ...............................................................E..... .....................................................,.......@....p..xK..................`...T.......................(.......................(............................text............................... ..`.rdata..H=.......>..................@..@.data....H... ...@..................@....pdata..xK...p...L...J..............@..@.rsrc...@...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	98224
Entropy (8bit):	6.452201564717313
Encrypted:	false
SSDEEP:	1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
MD5:	F34EB034AA4A9735218686590CBA2E8B
SHA1:	2BC20ACDCB201676B77A66FA7EC6B53FA2644713
SHA-256:	9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
SHA-512:	D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d...%\|.a.........." .........`......p................................................{....`A.........................................B..4....J...............p..X....X...'..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140_1.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37256
Entropy (8bit):	6.297533243519742
Encrypted:	false
SSDEEP:	384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
MD5:	135359D350F72AD4BF716B764D39E749
SHA1:	2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
SHA-256:	34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
SHA-512:	CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D_.O.>...>...>...N...>..RK...>...F^..>...>..1>..RK...>..RK...>..RK...>..RK...>..RK2..>..RK...>..Rich.>..........................PE..d...)\|.a.........." .....:...6......`A....................................................`A.........................................l.......m..x....................n...#......<...(b..T............................b..8............P..X............................text...e9.......:.................. ..`.rdata.. "...P...$...>..............@..@.data... ............b..............@....pdata...............d..............@..@.rsrc................h..............@..@.reloc..<............l..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\w32-pthreads.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	53576
Entropy (8bit):	6.371750593889357
Encrypted:	false
SSDEEP:	1536:ij2SSS5nVoSiH/pOfv3Q3cY37Hx1nI6q:GhSSntiH/pOfvAf3
MD5:	E1EEBD44F9F4B52229D6E54155876056
SHA1:	052CEA514FC3DA5A23DE6541F97CD4D5E9009E58
SHA-256:	D96F2242444A334319B4286403D4BFADAF3F9FCCF390F3DD40BE32FB48CA512A
SHA-512:	235BB9516409A55FE7DDB49B4F3179BDCA406D62FD0EC1345ACDDF032B0F3F111C43FF957D4D09AD683D39449C0FFC4C050B387507FADF5384940BD973DAB159
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*.<.K.o.K.o.K.o.3.o.K.oK7.n.K.oK7so.K.oK7.n.K.oK7.n.K.oK7.n.K.o'9.n.K.o.K.o.K.o,6.n.K.o,6.n.K.o,6qo.K.o.K.o.K.o,6.n.K.oRich.K.o........PE..d....Q............" ...#.b...J.......f............................................../.....`............................................X...(...........................H'......8.......p...........................P...@...............@............................text...ha.......b.................. ..`.rdata..P,...........f..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..8...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\zlib.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	144200
Entropy (8bit):	6.592048391646652
Encrypted:	false
SSDEEP:	1536:GjxOs8gLeu4iSssNiTh9Yks32X3KqVy5SmBolzXfqLROJA0o1ZXMvr7Rn6dheIOI:I34iDsG5vm4bfqFKoDmr7h2MHTtwV6K
MD5:	3A0DBC5701D20AA87BE5680111A47662
SHA1:	BC581374CA1EBE8565DB182AC75FB37413220F03
SHA-256:	D53BC4348AD6355C20F75ED16A2F4F641D24881956A7AE8A0B739C0B50CF8091
SHA-512:	4740945606636C110AB6C365BD1BE6377A2A9AC224DE6A79AA506183472A9AD0641ECC63E5C5219EE8097ADEF6533AB35E2594D6F8A91788347FDA93CDB0440E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...&............P....................................................`... ......................................0..\|....@..8....p..................H'......................................(....................A..p............................text...............................`..`.data...............................@....rdata...W.......X..................@..@.pdata..............................@..@.xdata..............................@..@.bss......... ...........................edata..\|....0......................@..@.idata..8....@......................@....CRT....X....P......................@....tls.........`......................@....rsrc........p......................@....reloc..............................@..B................................................................................................................................

C:\Windows\Installer\6403f1.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {D05681A8-619D-49FA-B1D9-9A8F2B5CF66C}, Number of Words: 10, Subject: Weisx App, Author: Trindo Coorp Sols, Name of Creating Application: Weisx App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Weisx App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Jan 4 12:36:06 2025, Last Saved Time/Date: Sat Jan 4 12:36:06 2025, Last Printed: Sat Jan 4 12:36:06 2025, Number of Pages: 450
Category:	dropped
Size (bytes):	60712448
Entropy (8bit):	7.214468459200748
Encrypted:	false
SSDEEP:	786432:srBpuVmrjV7eIAtenOTZCoh7Da6QUmsLquaPdBOfCPY:srSVmrjV7eIvnOTZCca6QUmsLLuOo
MD5:	7C1483F7E76FD97ECAE77DB49C8BC689
SHA1:	5E0BF8B4995AAB4BC3F1ABB17B673D6656598D67
SHA-256:	F371F210DE8C0E127FEEC5E3B9F52592656EC82CABFF42DD6C32F38A28FE7E32
SHA-512:	CEF7A5E2C4A2E51AC159322FC5F4571A5969C34019E5750986E148569FBC34FA7E6754E83B01D0B0C61C2853D982CD1EEFB8CF2DC05C492FB820E57A0CC2E138
Malicious:	false
Preview:	......................>............................................2..................................................................x...............................................................................................................................................%...&...'...(...)......................................................Z"..."..E#..F#..G#..H#..I#..J#..K#..L#..M#..N#..O#..P#..Q#..R#..S#..T#..U#...+...+...,...,...,...,...,...,...,..-0...0../0..00...2...2...2...2...2...2...2...2..............d...........................8...............B................................................................... ...!..."...#...$...%...&...'...(...)......+...,...-...7.../...0...1...2...3...4...5...6.......9...M...:...;...<...=...>...?...@...A...D...C...J...E...F...G...H...I...X...K...L...e...N...O...P...Q...R...S...T...U...V...W...("..""..Z...[...\...]...^..._...`...a...b...c.......~...f...g...h...i...j...k...l...m...n...o...p...q...r.......t...u...v...w...x...y...z...

C:\Windows\Installer\6403f4.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {D05681A8-619D-49FA-B1D9-9A8F2B5CF66C}, Number of Words: 10, Subject: Weisx App, Author: Trindo Coorp Sols, Name of Creating Application: Weisx App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Weisx App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Jan 4 12:36:06 2025, Last Saved Time/Date: Sat Jan 4 12:36:06 2025, Last Printed: Sat Jan 4 12:36:06 2025, Number of Pages: 450
Category:	dropped
Size (bytes):	60712448
Entropy (8bit):	7.214468459200748
Encrypted:	false
SSDEEP:	786432:srBpuVmrjV7eIAtenOTZCoh7Da6QUmsLquaPdBOfCPY:srSVmrjV7eIvnOTZCca6QUmsLLuOo
MD5:	7C1483F7E76FD97ECAE77DB49C8BC689
SHA1:	5E0BF8B4995AAB4BC3F1ABB17B673D6656598D67
SHA-256:	F371F210DE8C0E127FEEC5E3B9F52592656EC82CABFF42DD6C32F38A28FE7E32
SHA-512:	CEF7A5E2C4A2E51AC159322FC5F4571A5969C34019E5750986E148569FBC34FA7E6754E83B01D0B0C61C2853D982CD1EEFB8CF2DC05C492FB820E57A0CC2E138
Malicious:	false
Preview:	......................>............................................2..................................................................x...............................................................................................................................................%...&...'...(...)......................................................Z"..."..E#..F#..G#..H#..I#..J#..K#..L#..M#..N#..O#..P#..Q#..R#..S#..T#..U#...+...+...,...,...,...,...,...,...,..-0...0../0..00...2...2...2...2...2...2...2...2..............d...........................8...............B................................................................... ...!..."...#...$...%...&...'...(...)......+...,...-...7.../...0...1...2...3...4...5...6.......9...M...:...;...<...=...>...?...@...A...D...C...J...E...F...G...H...I...X...K...L...e...N...O...P...Q...R...S...T...U...V...W...("..""..Z...[...\...]...^..._...`...a...b...c.......~...f...g...h...i...j...k...l...m...n...o...p...q...r.......t...u...v...w...x...y...z...

C:\Windows\Installer\MSI2ED1.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	380520
Entropy (8bit):	6.512348002260683
Encrypted:	false
SSDEEP:	6144:ZSXJmYiFGLzkhEFeCPGi5B8dZ6t+6bUSfcqKgAST:ZSXJ9khElPGvcttbxpAST
MD5:	FFDAACB43C074A8CB9A608C612D7540B
SHA1:	8F054A7F77853DE365A7763D93933660E6E1A890
SHA-256:	7484797EA4480BC71509FA28B16E607F82323E05C44F59FFA65DB3826ED1B388
SHA-512:	A9BD31377F7A6ECF75B1D90648847CB83D8BD65AD0B408C4F8DE6EB50764EEF1402E7ACDFF375B7C3B07AC9F94184BD399A10A22418DB474908B5E7A1ADFE263
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^..?{..?{..?{..x..?{..~..?{...x..?{......?{...~..?{.....?{..z..?{..?z..>{..r..?{..{..?{....?{..?.?{..y..?{.Rich.?{.........PE..L...>.$g.........."!...)..................... .......................................'....@A........................@3..X....3.......... ...............h:.......6..@...p...............................@............ ..(............................text...J........................... ..`.rdata...$... ...&..................@..@.data....!...P......................@....fptable.............@..............@....rsrc... ............B..............@..@.reloc...6.......8...\..............@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI33E3.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	215279
Entropy (8bit):	4.944977192773313
Encrypted:	false
SSDEEP:	1536:UuY9WTY1Z0Ceau0a/r3NLZZOjjDcC7uFFy9Z8YJNs9Z7E9yk+N:Ut9z1Z0vZXJZYDFufyXbJNCc2
MD5:	B78BEBCF94584C8FA9BBA3E91CB0EF00
SHA1:	08CEB953F48A3794D4FBB31F5477C338B4262474
SHA-256:	804EA06BA4DBF3303ED2EDCF0B656DB6A656E8104CCB12F5E1E88DCD4F04756E
SHA-512:	42A170A1095055F9A4AECFEFDBB61F779C9DC5532A5494E897F87CA1EF9F56091D3BDAB51629F661830E4E8F0ADFF77F5DB633DC6F543DC81BDD9FEC4CC4DD40
Malicious:	false
Preview:	...@IXOS.@.....@.a%Z.@.....@.....@.....@.....@.....@......&.{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}..Weisx App..setup.msi.@.....@.....@.....@......icon_24.exe..&.{D05681A8-619D-49FA-B1D9-9A8F2B5CF66C}.....@.....@.....@.....@.......@.....@.....@.......@......Weisx App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@3....@.....@.]....&.{F39C344E-A83E-4760-8DA8-F27602095B4F};.C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\.@.......@.....@.....@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}0.21:\Software\Trindo Coorp Sols\Weisx App\Version.@.......@.....@.....@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}D.C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll.@.......@.....@.....@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}K.C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140.dll.@.......@.....@.....@......&.{FDDB96EE-847D-4B25-8

C:\Windows\Installer\MSI33F3.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	787808
Entropy (8bit):	6.693392695195763
Encrypted:	false
SSDEEP:	24576:aE33f8zyjmfyY43pNRmkL7mh0lhSMXlEeGXDMGz+:L3fSyjmfyY43pNRp7T0eGwGz+
MD5:	8CF47242B5DF6A7F6D2D7AF9CC3A7921
SHA1:	B51595A8A113CF889B0D1DD4B04DF16B3E18F318
SHA-256:	CCB57BDBB19E1AEB2C8DD3845CDC53880C1979284E7B26A1D8AE73BBEAF25474
SHA-512:	748C4767D258BFA6AD2664AA05EF7DC16F2D204FAE40530430EF5D1F38C8F61F074C6EC6501489053195B6B6F6E02D29FDE970D74C6AE97649D8FE1FD342A288
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............m..m..m.'n..m.'h.q.m.'i..m.."i..m.."n..m.."h..m.'l..m..l..m.#d..m.#m..m.#...m.....m.#o..m.Rich.m.........PE..L.....$g.........."!...).....4............................................... ............@A........................@J.......J..........................`=......4`...~..p........................... ~..@............................................text............................... ..`.rdata..Z...........................@..@.data...D-...`.......B..............@....fptable.............^..............@....rsrc................`..............@..@.reloc..4`.......b...f..............@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIDD4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIE52.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIE92.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIEB2.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIEF1.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1201504
Entropy (8bit):	6.4557937684843365
Encrypted:	false
SSDEEP:	24576:W4FsQxRqkY1ngOktwC2Tec+4VGWSlnH/YrjPWeTIUGVUrHtAkJMsFUh29BKjxw:D2QxNwCsec+4VGWSlnfYvO3UGVUrHtAg
MD5:	E83D774F643972B8ECCDB3A34DA135C5
SHA1:	A58ECCFB12D723C3460563C5191D604DEF235D15
SHA-256:	D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
SHA-512:	CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............@G..@G..@G.yCF..@G.yEF..@G.\|CF..@G.\|DF..@G.\|EF..@G.yDF..@G.yAF..@G..AG..@G.}IF..@G.}@F..@G.}.G..@G...G..@G.}BF..@GRich..@G........PE..L...'.$g.........."!...).~..........Pq.......................................`......0.....@A........................ ...t...............................`=.......l......p........................... ...@...............L............................text...J}.......~.................. ..`.rdata...;.......<..................@..@.data...............................@....fptable............................@....rsrc...............................@..@.reloc...l.......n..................@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIF21.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIF51.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\SourceHash{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1618246927838616
Encrypted:	false
SSDEEP:	12:JSbX72FjYSAGiLIlHVRpMh/7777777777777777777777777vDHFWZkpnKlep3Xz:JqSQI5cwgnKi6F
MD5:	36B8611CE2FCB99CACCAA8D7BECFE516
SHA1:	FA4667FFF92F91F04F0ABB926F9F9E80F75DA49A
SHA-256:	26E245F87DBF3C6864EE6583165B5341FD12A5615311170D96D4EE82430F348A
SHA-512:	E993B7669F3B3668C9B53DA9710D69445839D994C10F43622A8C1E7F5AA1CBDEDCF39B7926433D4F7C3EA0AB57FF5529BD944DCB1D83F78C2FEF1913BF311B35
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5641305113892567
Encrypted:	false
SSDEEP:	48:k8PhluRc06WXOCjT5w4S0k8MoAECiCy04SCktoAXmkkSCk0TTprVE:7hl1UjTmfECU2Xe2
MD5:	9403C635CCDF00F7C37DA3EE6B20A722
SHA1:	D0242A20D809444CB5E5DD4A185F3D8C4E5DC757
SHA-256:	5EF792179DBF8A4B5EBE4CE5F0B4BE5DBEF1D44828CE954CA2DA5846F0CB8D24
SHA-512:	7D7BB6FCCB464771A640C40FBFF84D26E443F9D6A2B29DBBF0BD13245443E11742FC2714A647175B7F12ADCB4E983115924215CC385DF855437394CB36B674C6
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	432221
Entropy (8bit):	5.3751656483156305
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauw:zTtbmkExhMJCIpEr1
MD5:	5B5E03F0B2282D49E573C05BBEF82CEF
SHA1:	8D606E78997E45E13A1BE05018697557C3AF21BC
SHA-256:	4D3BD1B4F4F8BCD68E3B80A427CB42BD7D1C7C7C5A3FF6C3B46F1C253AE4B3C9
SHA-512:	978F6770255EA62A6931DBE32EFCF138F106391A99773F33022C2F1CF155FC2E630708FE1CFE2FA562F564844F45DA8D7F9C20518EE1F74EC07298750D87923A
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF12925BB70103B4A9.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5641305113892567
Encrypted:	false
SSDEEP:	48:k8PhluRc06WXOCjT5w4S0k8MoAECiCy04SCktoAXmkkSCk0TTprVE:7hl1UjTmfECU2Xe2
MD5:	9403C635CCDF00F7C37DA3EE6B20A722
SHA1:	D0242A20D809444CB5E5DD4A185F3D8C4E5DC757
SHA-256:	5EF792179DBF8A4B5EBE4CE5F0B4BE5DBEF1D44828CE954CA2DA5846F0CB8D24
SHA-512:	7D7BB6FCCB464771A640C40FBFF84D26E443F9D6A2B29DBBF0BD13245443E11742FC2714A647175B7F12ADCB4E983115924215CC385DF855437394CB36B674C6
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF12BCADB0A00C3914.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2537696378818732
Encrypted:	false
SSDEEP:	48:cmduzJvcFXO1T5F4S0k8MoAECiCy04SCktoAXmkkSCk0TTprVE:DddoTBfECU2Xe2
MD5:	078B625E16C316156CF3BBDA4D4C0A47
SHA1:	3D1B4A85879892C8350651FCA39A7B21D5454778
SHA-256:	E8E9C09C42D8E4743E9E1D25482F6B07F97089C4377297728104C1F9B09C8643
SHA-512:	FFD9F8EE3AD2376B14EF36B64A8859D0A3D9A54EB4F235EE2D5F4DBC9019B0E02E2004A2716BD2A66932653C8408DE8518B3A4074F6F8C5566D47781F76893D5
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF13A3DC1670F762CE.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2066B4D19D80AA34.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2537696378818732
Encrypted:	false
SSDEEP:	48:cmduzJvcFXO1T5F4S0k8MoAECiCy04SCktoAXmkkSCk0TTprVE:DddoTBfECU2Xe2
MD5:	078B625E16C316156CF3BBDA4D4C0A47
SHA1:	3D1B4A85879892C8350651FCA39A7B21D5454778
SHA-256:	E8E9C09C42D8E4743E9E1D25482F6B07F97089C4377297728104C1F9B09C8643
SHA-512:	FFD9F8EE3AD2376B14EF36B64A8859D0A3D9A54EB4F235EE2D5F4DBC9019B0E02E2004A2716BD2A66932653C8408DE8518B3A4074F6F8C5566D47781F76893D5
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5D701750A592A73A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF7C6BE008681A81A7.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.13725259554576963
Encrypted:	false
SSDEEP:	48:hrVE6YTekkSCkhk8MoAECiCy04SCktoAXyi4:EmRECU2Xy
MD5:	74EADF152171A293F38F6A21F7ABE3D3
SHA1:	CE7B70A914004A8DCC8AF0B27589E0D1C08A4E24
SHA-256:	9E3584850FA9655996D238E8E52FA7685B61722461A0ACF9499B1A8EC906DF8D
SHA-512:	592D02B60BA4795BF88F0FA65588EB37424051F9C11FAB7766FF8AE4FAA1FC6C23E94FC49F250496F62649EC801508FA51F5CEF246B6A9EAD999B8C52D8F19A1
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF7D7A0DA2BF2AE5D6.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2537696378818732
Encrypted:	false
SSDEEP:	48:cmduzJvcFXO1T5F4S0k8MoAECiCy04SCktoAXmkkSCk0TTprVE:DddoTBfECU2Xe2
MD5:	078B625E16C316156CF3BBDA4D4C0A47
SHA1:	3D1B4A85879892C8350651FCA39A7B21D5454778
SHA-256:	E8E9C09C42D8E4743E9E1D25482F6B07F97089C4377297728104C1F9B09C8643
SHA-512:	FFD9F8EE3AD2376B14EF36B64A8859D0A3D9A54EB4F235EE2D5F4DBC9019B0E02E2004A2716BD2A66932653C8408DE8518B3A4074F6F8C5566D47781F76893D5
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF90DA63086EABC44E.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF9D0D6D45893CD62A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.06909220524329808
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOUdPxkpnKOuFnyVky6l3X:2F0i8n0itFzDHFWZkpnKlz3X
MD5:	2468FA29B11E4789B3583BD43854DD24
SHA1:	835082E0C2203315CD6D419BE1C9D3D02D1EDAA5
SHA-256:	7721524450FC79952E9CCE08E9BCF90E2A78FDC486960FC3DBADC242E8C7BC35
SHA-512:	1A7817BCC60B8724A768261B2A673EE211552C9486EB8574D5736CE832AB00DB7A3255CC724AEDB931E3417799188E02E713F4EFCF3632FCC900C7A43E7AEBB3
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB229C7D655371029.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB41D773944EFE6BF.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5641305113892567
Encrypted:	false
SSDEEP:	48:k8PhluRc06WXOCjT5w4S0k8MoAECiCy04SCktoAXmkkSCk0TTprVE:7hl1UjTmfECU2Xe2
MD5:	9403C635CCDF00F7C37DA3EE6B20A722
SHA1:	D0242A20D809444CB5E5DD4A185F3D8C4E5DC757
SHA-256:	5EF792179DBF8A4B5EBE4CE5F0B4BE5DBEF1D44828CE954CA2DA5846F0CB8D24
SHA-512:	7D7BB6FCCB464771A640C40FBFF84D26E443F9D6A2B29DBBF0BD13245443E11742FC2714A647175B7F12ADCB4E983115924215CC385DF855437394CB36B674C6
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFF9896A6BC340486D.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	638
Entropy (8bit):	4.751962275036146
Encrypted:	false
SSDEEP:	12:ku/L92WF4gx9l+jsPczo/CdaD0gwiSrlEX6OPkRVdoaQLeU4wv:ku/h5F4Bs0oCdalwisCkRVKVeU4wv
MD5:	15CA959638E74EEC47E0830B90D0696E
SHA1:	E836936738DCB6C551B6B76054F834CFB8CC53E5
SHA-256:	57F2C730C98D62D6C84B693294F6191FD2BEC7D7563AD9963A96AE87ABEBF9EE
SHA-512:	101390C5D2FA93162804B589376CF1E4A1A3DD4BDF4B6FE26D807AFC3FF80DA26EE3BAEB731D297A482165DE7CA48508D6EAA69A5509168E9CEF20B4A88A49FD
Malicious:	false
Preview:	[createdump] createdump [options] pid..-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values:.. %p PID of dumped process... %e The process executable filename... %h Hostname return by gethostname()... %t Time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)...-n, --normal - create minidump...-h, --withheap - create minidump with heap (default)...-t, --triage - create triage minidump...-u, --full - create full core dump...-d, --diag - enable diagnostic messages...-v, --verbose - enable verbose diagnostic messages...

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {D05681A8-619D-49FA-B1D9-9A8F2B5CF66C}, Number of Words: 10, Subject: Weisx App, Author: Trindo Coorp Sols, Name of Creating Application: Weisx App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Weisx App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Jan 4 12:36:06 2025, Last Saved Time/Date: Sat Jan 4 12:36:06 2025, Last Printed: Sat Jan 4 12:36:06 2025, Number of Pages: 450
Entropy (8bit):	7.214468459200748
TrID:	Windows SDK Setup Transform Script (63028/2) 88.73% Generic OLE2 / Multistream Compound File (8008/1) 11.27%
File name:	setup.msi
File size:	60'712'448 bytes
MD5:	7c1483f7e76fd97ecae77db49c8bc689
SHA1:	5e0bf8b4995aab4bc3f1abb17b673d6656598d67
SHA256:	f371f210de8c0e127feec5e3b9f52592656ec82cabff42dd6c32f38a28fe7e32
SHA512:	cef7a5e2c4a2e51ac159322fc5f4571a5969c34019e5750986e148569fbc34fa7e6754e83b01d0b0c61c2853d982cd1eefb8cf2dc05c492fb820e57a0cc2e138
SSDEEP:	786432:srBpuVmrjV7eIAtenOTZCoh7Da6QUmsLquaPdBOfCPY:srSVmrjV7eIvnOTZCca6QUmsLLuOo
TLSH:	85D76C01B3FA4148F2F75EB17EBA85A5947ABD521B30C0EF1244A60E1B71BC25BB1763
File Content Preview:	........................>............................................2..................................................................x......................................................................................................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-05T18:13:16.856398+0100	2829202	ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA	1	192.168.2.4	49730	104.21.32.1	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 18:13:16.310890913 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:16.310935020 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:16.310996056 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:16.314690113 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:16.314702988 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:16.807030916 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:16.807101011 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:16.851388931 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:16.851404905 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:16.852396011 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:16.852483988 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:16.856106997 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:16.856170893 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:16.856288910 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:17.300024033 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:17.300110102 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:17.300196886 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:17.300669909 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:17.300669909 CET	49730	443	192.168.2.4	104.21.32.1
Jan 5, 2025 18:13:17.300698996 CET	443	49730	104.21.32.1	192.168.2.4
Jan 5, 2025 18:13:17.301610947 CET	49730	443	192.168.2.4	104.21.32.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 18:13:16.292821884 CET	60948	53	192.168.2.4	1.1.1.1
Jan 5, 2025 18:13:16.305768967 CET	53	60948	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 5, 2025 18:13:16.292821884 CET	192.168.2.4	1.1.1.1	0xf4e6	Standard query (0)	caliandentistry.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 5, 2025 18:13:16.305768967 CET	1.1.1.1	192.168.2.4	0xf4e6	No error (0)	caliandentistry.com	104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 5, 2025 18:13:16.305768967 CET	1.1.1.1	192.168.2.4	0xf4e6	No error (0)	caliandentistry.com	104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 5, 2025 18:13:16.305768967 CET	1.1.1.1	192.168.2.4	0xf4e6	No error (0)	caliandentistry.com	104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 5, 2025 18:13:16.305768967 CET	1.1.1.1	192.168.2.4	0xf4e6	No error (0)	caliandentistry.com	104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 5, 2025 18:13:16.305768967 CET	1.1.1.1	192.168.2.4	0xf4e6	No error (0)	caliandentistry.com	104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 5, 2025 18:13:16.305768967 CET	1.1.1.1	192.168.2.4	0xf4e6	No error (0)	caliandentistry.com	104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 5, 2025 18:13:16.305768967 CET	1.1.1.1	192.168.2.4	0xf4e6	No error (0)	caliandentistry.com	104.21.48.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

caliandentistry.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.21.32.1	443	6112	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 17:13:16 UTC	197	OUT	POST /updater.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvancedInstaller Host: caliandentistry.com Content-Length: 71 Cache-Control: no-cache
2025-01-05 17:13:16 UTC	71	OUT	Data Raw: 44 61 74 65 3d 30 35 25 32 46 30 31 25 32 46 32 30 32 35 26 54 69 6d 65 3d 31 32 25 33 41 31 33 25 33 41 31 35 26 42 75 69 6c 64 56 65 72 73 69 6f 6e 3d 38 2e 39 2e 39 26 53 6f 72 6f 71 56 69 6e 73 3d 54 72 75 65 Data Ascii: Date=05%2F01%2F2025&Time=12%3A13%3A15&BuildVersion=8.9.9&SoroqVins=True
2025-01-05 17:13:17 UTC	832	IN	HTTP/1.1 500 Internal Server Error Date: Sun, 05 Jan 2025 17:13:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-store cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PWJ1KMGsHwhnDTZJIaKcogBjIrFrVj%2F1cgT7STo3rYyzM1RBXlOKKT4LO374sFHCs%2BvkVdZQ6KvBwmMVjaFmxEkJzjMioAW97V49Spf6O26k1j4lkZIWjuBZb4EsU5f4mcfSYYl8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fd51918b8321875-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5561&min_rtt=1653&rtt_var=3103&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=928&delivery_rate=1766485&cwnd=153&unsent_bytes=0&cid=162785d85c6e6824&ts=510&x=0"
2025-01-05 17:13:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	12:13:04
Start date:	05/01/2025
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
Imagebase:	0x7ff7370b0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:13:04
Start date:	05/01/2025
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff7370b0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	12:13:07
Start date:	05/01/2025
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 8BAE8D3C6383EE8791BC1BB779B3FCD0
Imagebase:	0x670000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	12:13:17
Start date:	05/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss3499.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi3486.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr3497.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr3498.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Imagebase:	0xcb0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:13:17
Start date:	05/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:13:24
Start date:	05/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe""
Imagebase:	0x7ff6dd9e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:13:24
Start date:	05/01/2025
Path:	C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe"
Imagebase:	0x7ff6f82f0000
File size:	57'488 bytes
MD5 hash:	71F796B486C7FAF25B9B16233A7CE0CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:13:24
Start date:	05/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:13:24
Start date:	05/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:13:24
Start date:	05/01/2025
Path:	C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"
Imagebase:	0x7ff7e74d0000
File size:	35'656 bytes
MD5 hash:	D3CAC4D7B35BACAE314F48C374452D71
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	12:13:24
Start date:	05/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 06EC1B50 Relevance: 4.0, Strings: 3, Instructions: 201COMMON

Download Yara Rule

Strings

$kq, xrefs: 06EC1C3E
$kq, xrefs: 06EC1C32
$kq, xrefs: 06EC1BEB

Memory Dump Source

Source File: 00000003.00000002.1813337812.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ec0000_powershell.jbxd

Similarity

API ID:
String ID: $kq$$kq$$kq
API String ID: 0-2086306503
Opcode ID: a00a5aba6145635b29a74e85fe2d8462008845b0bbfa6cecc04732c16410e8e0
Instruction ID: eebc930a21f8f9b19c7e93dde9ebb589c8732e3f2b9d95735c38c13ff3e02c32
Opcode Fuzzy Hash: a00a5aba6145635b29a74e85fe2d8462008845b0bbfa6cecc04732c16410e8e0
Instruction Fuzzy Hash: F9611330B043489FDB68DF68D650AEA7BE2AF85224F14847EE845CB356DB35CC42CB91

Function 06EC1B35 Relevance: 2.6, Strings: 2, Instructions: 95COMMON

Download Yara Rule

Strings

$kq, xrefs: 06EC1C32
$kq, xrefs: 06EC1BEB

Memory Dump Source

Source File: 00000003.00000002.1813337812.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ec0000_powershell.jbxd

Similarity

API ID:
String ID: $kq$$kq
API String ID: 0-3550614674
Opcode ID: fe8595d953ce16ef3569992a837097a0070e4aeb6205882230c1b57d542e179d
Instruction ID: 01b81861425c9235dd3792f8ff55c950dbc309502c120333ce69532c5dc1a559
Opcode Fuzzy Hash: fe8595d953ce16ef3569992a837097a0070e4aeb6205882230c1b57d542e179d
Instruction Fuzzy Hash: 4D317E70A04345DFDBA8CF55C684AE67BF1AF41225F1890BEE8048B257E339D942CB91

Function 04528460 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1809047778.0000000004520000.00000040.00000800.00020000.00000000.sdmp, Offset: 04520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4520000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96bec1ee6c26d33b08592b0b02f55c2b5ac5eba0224305f9dd1773d4e94a6959
Instruction ID: b4954ccaca1b220e77773213fd3f5593e8e6d4465f16cd68431f9f3669488a52
Opcode Fuzzy Hash: 96bec1ee6c26d33b08592b0b02f55c2b5ac5eba0224305f9dd1773d4e94a6959
Instruction Fuzzy Hash: 7DA1AE31A002189FDB14EFE4DA84A9DBBF2FF85350F158659E502AB3A5DB34BD49CB40

Function 04523BF8 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1809047778.0000000004520000.00000040.00000800.00020000.00000000.sdmp, Offset: 04520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4520000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7320ec101ecfb4e725987a9f03e0d2e8fccef00619c547eeecdb3d54c1bf71c3
Instruction ID: 13cfa490f3cf2b2a78084733d6cd285d346155c274b11bcbdd326f67e1623281
Opcode Fuzzy Hash: 7320ec101ecfb4e725987a9f03e0d2e8fccef00619c547eeecdb3d54c1bf71c3
Instruction Fuzzy Hash: 82A1EF70A042558FCB02CF6DC5949AEBBB1FF4A310B2445AAD851EB3A5C339FC51CBA0

Function 04528D1E Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1809047778.0000000004520000.00000040.00000800.00020000.00000000.sdmp, Offset: 04520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4520000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 548b4bd691dc8b976a821acd21979265913a2856ff8c9ef411b30ac22f16781d
Instruction ID: 0a8a9269595bfc2b74a2afc3e868c24d81767549ded437344c086405d7394b9e
Opcode Fuzzy Hash: 548b4bd691dc8b976a821acd21979265913a2856ff8c9ef411b30ac22f16781d
Instruction Fuzzy Hash: 73718E30A00618DFDB14EFA4D594AADBBF6FF89304F25852AD412AB3A1DF30AD45DB41

Function 04528BB0 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1809047778.0000000004520000.00000040.00000800.00020000.00000000.sdmp, Offset: 04520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4520000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad3a8f7669d5ebb37a2bffa0e7451baededc54322461158c8a9b8135b22810f
Instruction ID: 1f1680c03d41b9ed324d341b7af61f5959caf70a4b1e003deabdbe42eb33d731
Opcode Fuzzy Hash: dad3a8f7669d5ebb37a2bffa0e7451baededc54322461158c8a9b8135b22810f
Instruction Fuzzy Hash: 7561C330A00219CFCB14DFA8D994A9EFBF6FF86314F14856AD4169B7A1DB70AC45CB40

Function 04528953 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1809047778.0000000004520000.00000040.00000800.00020000.00000000.sdmp, Offset: 04520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4520000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d33d717ac7adcb417f5d6fdc043a5aa36d88f924568931d2c7d80ab1544d0dc7
Instruction ID: 8f7fb04deea3cc1a28139bbea567d3d57cdbfdfca11f046908226705a7f38bbf
Opcode Fuzzy Hash: d33d717ac7adcb417f5d6fdc043a5aa36d88f924568931d2c7d80ab1544d0dc7
Instruction Fuzzy Hash: E9419D756002149FDB14EB64D959AAEBBF6FF8A750F04412DE502EB3A0CF30AC41DB90

Function 04528BA7 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1809047778.0000000004520000.00000040.00000800.00020000.00000000.sdmp, Offset: 04520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4520000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44e5f364e62fc9018045a7e8ff009f90d713bc9718330df908c0392fbec4c93f
Instruction ID: 0d1887eb45bf72f6f6f707590f049f5b8331636b18790be5085b03bdf94a7185
Opcode Fuzzy Hash: 44e5f364e62fc9018045a7e8ff009f90d713bc9718330df908c0392fbec4c93f
Instruction Fuzzy Hash: 35417F70A00619DFDB14EFA9D98469EBBF6FF85300F14852AD406AB3A5DB70A845CF40

Function 04523D08 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1809047778.0000000004520000.00000040.00000800.00020000.00000000.sdmp, Offset: 04520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4520000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eec32db4ccd4ba619687526ef061e037f4f1ba5d2cd35919d845ec2057d3218e
Instruction ID: 37920911d64326122c5fc9f40c9e95dd2f697b61408d56e9b311b4550b952b85
Opcode Fuzzy Hash: eec32db4ccd4ba619687526ef061e037f4f1ba5d2cd35919d845ec2057d3218e
Instruction Fuzzy Hash: 984137B0A001159FCB05CF59C694AAEFBB1FF49310B15856AD815AB3A4C73AFC51CFA0

Function 0081D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1808776642.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_81d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b89fd08d7e9f8dc48c231bbb3f64413bb8006bf8c88a44af38deefc17c4b5130
Instruction ID: 92fc53e6914eecf1fe4533fb021d848553e650a92eb3d1c869d20aff01a751d0
Opcode Fuzzy Hash: b89fd08d7e9f8dc48c231bbb3f64413bb8006bf8c88a44af38deefc17c4b5130
Instruction Fuzzy Hash: 1801F731409B449AE7208A29C9C47A7BFDCFF49324F18C429ED488A146C27998C1C6B1

Function 0081D01C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1808776642.000000000081D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0081D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_81d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 961766bbf3892d942d2ef5d217521ead197e44b2ac71ffca2c449797048e1481
Instruction ID: 0b264995513199af3d7dd4e0f5555f1b8468a34327595ff5974c3e8a9c1aa932
Opcode Fuzzy Hash: 961766bbf3892d942d2ef5d217521ead197e44b2ac71ffca2c449797048e1481
Instruction Fuzzy Hash: 63F0C272405740AEE7208A1AC8C4BA2FFECEF55334F18C45AED484E286C2799881CAB0

Function 045288D5 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1809047778.0000000004520000.00000040.00000800.00020000.00000000.sdmp, Offset: 04520000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4520000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbed28a452a85376c4d73b9d6b6f45b6a0be7b4f27cd62353c393db7ecc8ad55
Instruction ID: d3ff9a0bcbae88cf72b81a3c77125554056e8d130b0de406c6547bbb24e889c9
Opcode Fuzzy Hash: cbed28a452a85376c4d73b9d6b6f45b6a0be7b4f27cd62353c393db7ecc8ad55
Instruction Fuzzy Hash: 34F01230B403058FDB04EBE4C665B6E7BA2FF45340F104914E5029F3A5DB789D48CB81

Non-executed Functions

Function 06EC1658 Relevance: 15.3, Strings: 12, Instructions: 274COMMON

Download Yara Rule

Strings

tPkq, xrefs: 06EC1843
Qk, xrefs: 06EC174D
$kq, xrefs: 06EC17B4
tPkq, xrefs: 06EC16E1
84Yk, xrefs: 06EC17E0
tPkq, xrefs: 06EC1837
84Yk, xrefs: 06EC17EA
tPkq, xrefs: 06EC16D5
$kq, xrefs: 06EC166A
Qk, xrefs: 06EC173F
$kq, xrefs: 06EC169C
$kq, xrefs: 06EC1690

Memory Dump Source

Source File: 00000003.00000002.1813337812.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ec0000_powershell.jbxd

Similarity

API ID:
String ID: 84Yk$84Yk$tPkq$tPkq$tPkq$tPkq$$kq$$kq$$kq$$kq$Qk$Qk
API String ID: 0-128379737
Opcode ID: eb52e14906a7d17f1b833cceb8b2222176f32afa16b383e60ea31d32ca1dccff
Instruction ID: ebc9691c0a181cb26b7d6bfd518536e8dbecc7b8a039a7d5b9339a02c9edd414
Opcode Fuzzy Hash: eb52e14906a7d17f1b833cceb8b2222176f32afa16b383e60ea31d32ca1dccff
Instruction Fuzzy Hash: F9916A31B083448FD7659B68D910AE6BBE2EF86234F2880AED545CB393DA35DC47C791

Function 06EC0898 Relevance: 10.2, Strings: 8, Instructions: 179COMMON

Download Yara Rule

Strings

4'kq, xrefs: 06EC0953
$kq, xrefs: 06EC0A3E
$kq, xrefs: 06EC0A56
$kq, xrefs: 06EC091D
$kq, xrefs: 06EC0A62
4'kq, xrefs: 06EC0947
$kq, xrefs: 06EC08EF
$kq, xrefs: 06EC0929

Memory Dump Source

Source File: 00000003.00000002.1813337812.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ec0000_powershell.jbxd

Similarity

API ID:
String ID: 4'kq$4'kq$$kq$$kq$$kq$$kq$$kq$$kq
API String ID: 0-3137036682
Opcode ID: 23711175b196db901de12c0129606e490f3bb9305a4a9b7e898b6edf52539838
Instruction ID: 5f673a794c39bab493cfa8f7c6da8c3dc492fdeef5c1a355e369a0ba08490d09
Opcode Fuzzy Hash: 23711175b196db901de12c0129606e490f3bb9305a4a9b7e898b6edf52539838
Instruction Fuzzy Hash: 91514536B04345CFEB658B299A006BBBBB6AFC1234B24907FD545C7251DA37C847C7A1

Function 06EC0E88 Relevance: 6.3, Strings: 5, Instructions: 79COMMON

Download Yara Rule

Strings

4Xk, xrefs: 06EC0F30
$kq, xrefs: 06EC0ECB
4Xk, xrefs: 06EC0F3E
$kq, xrefs: 06EC0F00
$kq, xrefs: 06EC0F0C

Memory Dump Source

Source File: 00000003.00000002.1813337812.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ec0000_powershell.jbxd

Similarity

API ID:
String ID: 4Xk$4Xk$$kq$$kq$$kq
API String ID: 0-235402572
Opcode ID: d9e6a70c48f802d837670cf6367747177ebe74705fd61ba1b950ebf44245046e
Instruction ID: f2a16b9a36f05cda8746b6cf1077903478891ae5723a2b777fc30afd127214ac
Opcode Fuzzy Hash: d9e6a70c48f802d837670cf6367747177ebe74705fd61ba1b950ebf44245046e
Instruction Fuzzy Hash: FA113831314355CFE774562999206777AD68BD0235B24503EE501CA381DE3BD883C3B5

Function 06EC04D1 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

$kq, xrefs: 06EC0526
4'kq, xrefs: 06EC053B
$kq, xrefs: 06EC051A
4'kq, xrefs: 06EC0547

Memory Dump Source

Source File: 00000003.00000002.1813337812.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6ec0000_powershell.jbxd

Similarity

API ID:
String ID: 4'kq$4'kq$$kq$$kq
API String ID: 0-1727931526
Opcode ID: 094505ff3d46d43b6ca4015622f3e440382bbf57a78f0dbf5fc1195520df72f2
Instruction ID: e839f837b61d825a1a84796530fa0a07a599eda02e9391e41a43143802b58d9d
Opcode Fuzzy Hash: 094505ff3d46d43b6ca4015622f3e440382bbf57a78f0dbf5fc1195520df72f2
Instruction Fuzzy Hash: 7101751064E3D59FD777166819201B66FB36F8222072A00EBD081CB3A7CD6A8D06C3A3

Analysis Process: createdump.exePID: 744, Parent PID: 4324COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.7%
Total number of Nodes:	700
Total number of Limit Nodes:	1

Executed Functions

Function 00007FF6F82F1060 Relevance: 65.0, APIs: 13, Strings: 24, Instructions: 214
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6F82F112F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6F82F115B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6F82F1187
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6F82F1230
atoi.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF6F82F123C
GetTempPathA.KERNEL32 ref: 00007FF6F82F12C1
GetLastError.KERNEL32 ref: 00007FF6F82F12CB
GetLastError.KERNEL32 ref: 00007FF6F82F12DF
strcat_s.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6F82F12F8
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1350
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1359
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1364
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F136D

Strings

--normal, xrefs: 00007FF6F82F1125
full dump, xrefs: 00007FF6F82F11C3
-, xrefs: 00007FF6F82F1110
-, xrefs: 00007FF6F82F1194
GetTempPath failed (0x%08x), xrefs: 00007FF6F82F12D3
-, xrefs: 00007FF6F82F10DC
minidump, xrefs: 00007FF6F82F1267
--full, xrefs: 00007FF6F82F11A8
-, xrefs: 00007FF6F82F1168
-, xrefs: 00007FF6F82F1215
-, xrefs: 00007FF6F82F11D7
--name, xrefs: 00007FF6F82F10B8
--withheap, xrefs: 00007FF6F82F1151
--diag, xrefs: 00007FF6F82F11EF
Dump successfully written, xrefs: 00007FF6F82F1338
dump.%p.dmp, xrefs: 00007FF6F82F12E9
createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn, xrefs: 00007FF6F82F1386
--verbose, xrefs: 00007FF6F82F1226
-, xrefs: 00007FF6F82F113C
triage minidump, xrefs: 00007FF6F82F1247
--triage, xrefs: 00007FF6F82F117D
minidump with heap, xrefs: 00007FF6F82F107C, 00007FF6F82F10BF
v, xrefs: 00007FF6F82F121A
strcat_s failed (%d), xrefs: 00007FF6F82F1306

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: strcmp$ErrorLast__acrt_iob_funcfflush$PathTempatoistrcat_s
String ID: -$-$-$-$-$-$-$--diag$--full$--name$--normal$--triage$--verbose$--withheap$Dump successfully written$GetTempPath failed (0x%08x)$createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn$dump.%p.dmp$full dump$minidump$minidump with heap$strcat_s failed (%d)$triage minidump$v
API String ID: 2647627392-2367407095
Opcode ID: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
Instruction ID: 3fd8bf441f37492eb56b0b4699fc8dbf3cb96b2097c7e1d3476ed920f6e381e2
Opcode Fuzzy Hash: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
Instruction Fuzzy Hash: 1BA1B261F0C78255FB628F30A6042B966A4EF66754F8441B2D96EC22D9FF3CF444E788

Function 00007FF6F82F27EC Relevance: 13.6, APIs: 9, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF6F82F2800

Part of subcall function 00007FF6F82F2B8C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6F82F2BAE

__scrt_release_startup_lock.LIBCMT ref: 00007FF6F82F2883
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F28D1
_get_initial_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F28D6
__p___argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F28DE
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F28E6
__scrt_is_managed_app.LIBCMT ref: 00007FF6F82F28FA
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F2908
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F2962

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: __p___argc__p___argv__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
String ID:
API String ID: 2308368977-0
Opcode ID: 5a9b20bb9eaae0def914decdfc47a4fcc48693c8541f2657ef11ecffac799aa6
Instruction ID: efc9d5ca55760521e24476fd330b049f636a6f73216fd4654d351db34815167b
Opcode Fuzzy Hash: 5a9b20bb9eaae0def914decdfc47a4fcc48693c8541f2657ef11ecffac799aa6
Instruction Fuzzy Hash: 13313821F0C24342EB14AB31A6553B92291EF62784F4450B9D92DCB2E7EF2CB804E7D8

Function 00007FF6F82F1450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1475
fprintf.MSPDB140-MSVCRT ref: 00007FF6F82F1485

Part of subcall function 00007FF6F82F1010: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1047

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1494
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14B3
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14BE
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14C7

Strings

[createdump] , xrefs: 00007FF6F82F147E

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
String ID: [createdump]
API String ID: 3735572767-2657508301
Opcode ID: f7b41b5d75985a22341ebafe60962d777547180dfe076665e84a48d8af4ee52e
Instruction ID: 9fc212e2533cc19bbff76629e7cf88162e6f2ac58b9cf87a09432488a2581219
Opcode Fuzzy Hash: f7b41b5d75985a22341ebafe60962d777547180dfe076665e84a48d8af4ee52e
Instruction Fuzzy Hash: 04014F21B08B8182E7009B60FA1516AA364FF94BD1F404579DE9D837A9EF3CF455E784

Non-executed Functions

Function 00007FF6F82F2ECC Relevance: 10.6, APIs: 7, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6F82F2EE8
RtlCaptureContext.KERNEL32 ref: 00007FF6F82F2F15
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6F82F2F2F
RtlVirtualUnwind.KERNEL32 ref: 00007FF6F82F2F70
IsDebuggerPresent.KERNEL32 ref: 00007FF6F82F2FC4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6F82F2FE5
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6F82F2FF0

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 92083fc3b2590fb7f42fdf2bff26a09e0be32edceb9cda99800bf26d983c5eac
Instruction ID: 060b9276593f800f66210f72d5400c80488fab06abd320e4ead75c44833e7b3f
Opcode Fuzzy Hash: 92083fc3b2590fb7f42fdf2bff26a09e0be32edceb9cda99800bf26d983c5eac
Instruction Fuzzy Hash: 6D314F72708A8186EB608F70E8403E973A5FB54744F44443ADA5EC7BD4EF38E548D758

Function 00007FF6F82F3074 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8a5ce5a61a9accbe9d72245b7862f6c7c599a8b634bc8698eb0ff17e984138
Instruction ID: 3c343fd7532dbca952c66d7b89fadb37c223f9809c668f2b0fb75f80f04ef875
Opcode Fuzzy Hash: 8c8a5ce5a61a9accbe9d72245b7862f6c7c599a8b634bc8698eb0ff17e984138
Instruction Fuzzy Hash: EEA00122B0D802D0E7448B60AAA852162A0EF70300B8004BAD02EC52E0BE3DB444E288

Function 00007FF6F82F23C0 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6F82F242D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6F82F243B

Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1475
Part of subcall function 00007FF6F82F1450: fprintf.MSPDB140-MSVCRT ref: 00007FF6F82F1485
Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1494
Part of subcall function 00007FF6F82F1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14B3
Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14BE
Part of subcall function 00007FF6F82F1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14C7

K32GetModuleBaseNameA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6F82F2466
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6F82F2470
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6F82F2487
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6F82F25F3

Strings

Writing %s to file %s, xrefs: 00007FF6F82F24C3
Write dump FAILED 0x%08x, xrefs: 00007FF6F82F258E
Invalid process id '%d' error %d, xrefs: 00007FF6F82F2447
Invalid dump path '%s' error %d, xrefs: 00007FF6F82F252C
Get process name FAILED %d, xrefs: 00007FF6F82F2478

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$ErrorLast$BaseCloseHandleModuleNameOpenProcess__stdio_common_vfprintf_invalid_parameter_noinfo_noreturnfflushfprintf
String ID: Get process name FAILED %d$Invalid dump path '%s' error %d$Invalid process id '%d' error %d$Write dump FAILED 0x%08x$Writing %s to file %s
API String ID: 3971781330-1292085346
Opcode ID: 8ec448eeb6e8f02312a1538d84a3c8dfc991fc7cafdc13e8cd0ded943aea62a7
Instruction ID: e3c85cdf3f416fe4553148d6f997f191c82316607f69ffbdf865ea0641034c8d
Opcode Fuzzy Hash: 8ec448eeb6e8f02312a1538d84a3c8dfc991fc7cafdc13e8cd0ded943aea62a7
Instruction Fuzzy Hash: B961B231B08A4181EB109B21E65067A77A1FBA5790F500174EAAEC3BE5EF3CF445E788

Function 00007FF6F82F49A4 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 316
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6F82F4B42
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F82F4E65
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F4E7B
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F4E93
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F4E99

Strings

csm, xrefs: 00007FF6F82F4A89
csm, xrefs: 00007FF6F82F4AEB
csm, xrefs: 00007FF6F82F4B69

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: terminate$Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 695522112-393685449
Opcode ID: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
Instruction ID: 4c0d83650822aa73a1b178b1135db6c67fdee7f8b68bc3e27fed62f2d39e3ae4
Opcode Fuzzy Hash: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
Instruction Fuzzy Hash: D2E1BD72A086828AE7209F34D5802AD77B0FB64748F140175EAADC77D6EF78F485D784

Function 00007FF6F82F13C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F13E5
fprintf.MSPDB140-MSVCRT ref: 00007FF6F82F13F5

Part of subcall function 00007FF6F82F1010: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1047

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1404
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1423
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F142E
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1437

Strings

[createdump] , xrefs: 00007FF6F82F13EE

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
String ID: [createdump]
API String ID: 3735572767-2657508301
Opcode ID: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
Instruction ID: 635837daa195a51972d341a274133b0c8b7ec8223f0118b01d9597dc54231c7b
Opcode Fuzzy Hash: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
Instruction Fuzzy Hash: 3E014F31B08B8182E7009B60FA141AAA360FF94BD1F404175DE9D837A9EF7CF495E784

Function 00007FF6F82F1800 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 00007FF6F82F186C

Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1475
Part of subcall function 00007FF6F82F1450: fprintf.MSPDB140-MSVCRT ref: 00007FF6F82F1485
Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1494
Part of subcall function 00007FF6F82F1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14B3
Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14BE
Part of subcall function 00007FF6F82F1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14C7

Strings

Invalid dump name format char '%c', xrefs: 00007FF6F82F1DD0
%%%%%%%%, xrefs: 00007FF6F82F1D5C
--name, xrefs: 00007FF6F82F180A
%%%%%%%%, xrefs: 00007FF6F82F1890
Pipe syntax in dump name not supported, xrefs: 00007FF6F82F1850

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$Startup__stdio_common_vfprintffflushfprintf
String ID: %%%%%%%%$%%%%%%%%$--name$Invalid dump name format char '%c'$Pipe syntax in dump name not supported
API String ID: 3378602911-3973674938
Opcode ID: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
Instruction ID: 2bbd83f0545d878b1f7709d1c1e8dc8831dea813bcd1aa6df2f9ca854d74fdcf
Opcode Fuzzy Hash: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
Instruction Fuzzy Hash: 3D312562F0868186E75A8F259A547F927A1BB65784F8400B6DE6DC33D1EF3CF044E788

Function 00007FF6F82F6498 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(00000000,?,00000000,00007FF6F82F669F,?,?,?,00007FF6F82F441E,?,?,?,00007FF6F82F43D9), ref: 00007FF6F82F651D
GetLastError.KERNEL32(?,00000000,00007FF6F82F669F,?,?,?,00007FF6F82F441E,?,?,?,00007FF6F82F43D9,?,?,?,?,00007FF6F82F3524), ref: 00007FF6F82F652B
LoadLibraryExW.KERNEL32(?,00000000,00007FF6F82F669F,?,?,?,00007FF6F82F441E,?,?,?,00007FF6F82F43D9,?,?,?,?,00007FF6F82F3524), ref: 00007FF6F82F6555
FreeLibrary.KERNEL32(?,00000000,00007FF6F82F669F,?,?,?,00007FF6F82F441E,?,?,?,00007FF6F82F43D9,?,?,?,?,00007FF6F82F3524), ref: 00007FF6F82F659B
GetProcAddress.KERNEL32(?,00000000,00007FF6F82F669F,?,?,?,00007FF6F82F441E,?,?,?,00007FF6F82F43D9,?,?,?,?,00007FF6F82F3524), ref: 00007FF6F82F65A7

Strings

api-ms-, xrefs: 00007FF6F82F653D

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
Instruction ID: 137a1f107fc01323f50d0c7270517e7eef62b30351c0223951800c13a3581111
Opcode Fuzzy Hash: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
Instruction Fuzzy Hash: AC318121B1A64291EF259B229A0057562D8FF68BA0F594674DD2DD63C8FF3CF444E388

Function 00007FF6F82F1B18 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 149
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF6F82F1B1D

Strings

%%%%%%%%, xrefs: 00007FF6F82F1D5C
Could not get the host name for dump name: %d, xrefs: 00007FF6F82F1DB2

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: _time64
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 1670930206-4114407318
Opcode ID: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
Instruction ID: eb6cfbfc575e64943103083ff0a97a197d498164e5c27e46714e4c3b728d78d9
Opcode Fuzzy Hash: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
Instruction Fuzzy Hash: 7451E462B18B8186EB01CB38D5407AD67A5FB617D0F800176DA6D977E9EF3CE041E784

Function 00007FF6F82F4EA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EncodePointer.KERNEL32 ref: 00007FF6F82F4F10
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F5189

Strings

MOC, xrefs: 00007FF6F82F4F24
RCC, xrefs: 00007FF6F82F4F2C

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: EncodePointerabort
String ID: MOC$RCC
API String ID: 1188231555-2084237596
Opcode ID: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
Instruction ID: f6973ae919e429774786d5aeb0f8f6a54a75b9ad3227adc414e97ae3a57ffc90
Opcode Fuzzy Hash: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
Instruction Fuzzy Hash: A791D573B08B818AE710CB75E9802AD7BB0FB54788F144129EE5D87794EF38E155DB84

Function 00007FF6F82F5414 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6F82F543E
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F56A2

Strings

csm, xrefs: 00007FF6F82F5463
csm, xrefs: 00007FF6F82F55D2

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: __except_validate_context_recordabort
String ID: csm$csm
API String ID: 746414643-3733052814
Opcode ID: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
Instruction ID: bb26dd908fe3a404ed89945f23f6ef427d60fd593b68030038ac797c5cc4264f
Opcode Fuzzy Hash: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
Instruction Fuzzy Hash: B071B2327086818AD7208F359B506797BA0FB50B89F048175DAADC7AC5EF3CE451DB84

Function 00007FF6F82F195F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%%%%%%%%, xrefs: 00007FF6F82F1D5C
Could not get the host name for dump name: %d, xrefs: 00007FF6F82F1DB2

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID:
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 0-4114407318
Opcode ID: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
Instruction ID: 30622be41482efacc6492f5ad9c865b045218baf4bb0a132677f6ae452600eee
Opcode Fuzzy Hash: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
Instruction Fuzzy Hash: 4D51F732B18B8546E701CB39E5407AA6761FBA17D0F800175EAAD83BD9EF3DE041E784

Function 00007FF6F82F5860 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6F82F590A
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF6F82F5936

Strings

csm, xrefs: 00007FF6F82F5A36

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
Instruction ID: e678e0c0ab63989cf92ec4696ad1d7d4ec7be91ad6301b172ab25b286da9f4af
Opcode Fuzzy Hash: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
Instruction Fuzzy Hash: DC51803271874686D720AB25E64026E77F4F798B90F140174EB9EC7B95EF78E060DB84

Function 00007FF6F82F17E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 59networkCOMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF6F82F17EB
WSAStartup.WS2_32 ref: 00007FF6F82F186C

Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1475
Part of subcall function 00007FF6F82F1450: fprintf.MSPDB140-MSVCRT ref: 00007FF6F82F1485
Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F1494
Part of subcall function 00007FF6F82F1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14B3
Part of subcall function 00007FF6F82F1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14BE
Part of subcall function 00007FF6F82F1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6F82F14C7

Strings

--name, xrefs: 00007FF6F82F180A
string too long, xrefs: 00007FF6F82F17E4
Pipe syntax in dump name not supported, xrefs: 00007FF6F82F1850

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$StartupXinvalid_argument__stdio_common_vfprintffflushfprintfstd::_
String ID: --name$Pipe syntax in dump name not supported$string too long
API String ID: 1412700758-3183687674
Opcode ID: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
Instruction ID: de70c38c349de450395ee52a3734f0d79abc78d11b25c5dda94c3acdeafee818
Opcode Fuzzy Hash: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
Instruction Fuzzy Hash: A0012822B0898095F7619F32ED817FA6750BB98794F400075EE1C87791DF3CE486CB04

Function 00007FF6F82F1CE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54networkCOMMON

Download Yara Rule

APIs

gethostname.WS2_32 ref: 00007FF6F82F1CFA
WSAGetLastError.WS2_32 ref: 00007FF6F82F1DA9

Strings

%%%%%%%%, xrefs: 00007FF6F82F1D5C
Could not get the host name for dump name: %d, xrefs: 00007FF6F82F1DB2

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: ErrorLastgethostname
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 3782448640-4114407318
Opcode ID: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
Instruction ID: b5752e4f0ad5ebcfc861f1a51dc5f7662d0825b022d348deeb14a05ecd896b79
Opcode Fuzzy Hash: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
Instruction Fuzzy Hash: 23119411B0854246FB499B31A9507FA2290DFA67A4F401275E97FD72D6EF3CF042E788

Function 00007FF6F82F4158 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6F82F41B8

Strings

MOC, xrefs: 00007FF6F82F4170
RCC, xrefs: 00007FF6F82F4168
csm, xrefs: 00007FF6F82F4178

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: terminate
String ID: MOC$RCC$csm
API String ID: 1821763600-2671469338
Opcode ID: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
Instruction ID: 59a64ca56862b237f3993bbc9d10c2d98bcbc203867b55d37014b1a680606f31
Opcode Fuzzy Hash: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
Instruction Fuzzy Hash: 89F08136A0824A81E3245B71A34106D3274FF68B44F1850B1E729C62D2EFBCF4A0E7C5

Function 00007FF6F82F20C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(-3333333333333333,?,00000000,00007FF6F82F18EE), ref: 00007FF6F82F21E0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6F82F221E

Strings

Invalid process id '%d' error %d, xrefs: 00007FF6F82F2447

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: Invalid process id '%d' error %d
API String ID: 73155330-4244389950
Opcode ID: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
Instruction ID: a639d8a2b66632b68c413a729bf1ee0ae2a432a7c129be55020fb9913a2aa75c
Opcode Fuzzy Hash: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
Instruction Fuzzy Hash: 9731E32270978195EB148F3596442AA63A1EB26BD0F180671EB7DC77D6EF7CF050E388

Function 00007FF6F82F3F84 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6F82F173F), ref: 00007FF6F82F3FC8
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6F82F173F), ref: 00007FF6F82F400E

Strings

csm, xrefs: 00007FF6F82F3FFB

Memory Dump Source

Source File: 00000007.00000002.1867255571.00007FF6F82F1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6F82F0000, based on PE: true

Associated: 00000007.00000002.1867234824.00007FF6F82F0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867274755.00007FF6F82F8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867296450.00007FF6F82FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.1867322567.00007FF6F82FD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_7ff6f82f0000_createdump.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
Instruction ID: a51ccef4e1819483bafb1769db3ed5468115ab298a98f1e2bad421644f96c070
Opcode Fuzzy Hash: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
Instruction Fuzzy Hash: CA116D32708B8182EB108B25F544269B7E0FB98B84F184271EE9D87B98EF3DE555D744

Analysis Process: obs-ffmpeg-mux.exePID: 1816, Parent PID: 4956COMMON

Non-executed Functions

Function 00007FFDFB8DB840 Relevance: 372.3, APIs: 121, Strings: 91, Instructions: 1269libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FFDFB8DB86D
free.MSVCRT ref: 00007FFDFB8DB876
calloc.MSVCRT ref: 00007FFDFB8DB885
MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8DB8C8
MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8DB90A
GetModuleHandleW.KERNEL32 ref: 00007FFDFB8DB913
GetProcAddress.KERNEL32 ref: 00007FFDFB8DB92A
LoadLibraryExW.KERNEL32 ref: 00007FFDFB8DB940
_aligned_free.MSVCRT ref: 00007FFDFB8DB94C
GetProcAddress.KERNEL32 ref: 00007FFDFB8DB98A
GetProcAddress.KERNEL32 ref: 00007FFDFB8DB9C1
GetProcAddress.KERNEL32 ref: 00007FFDFB8DB9F9
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBA31
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBA69
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBAA1
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBAD9
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBB11
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBB49
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBB81
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBBB9
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBBF1
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBC29
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBC61
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBC99
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBCD1
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBD0C
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBD47
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBD82
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBDBD
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBDF8
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBE33
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBE6E
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBEA9
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBEE4
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBF1F
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBF5A
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBF95
GetProcAddress.KERNEL32 ref: 00007FFDFB8DBFD0
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC00B
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC046
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC081
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC0BC
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC0F7
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC132
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC16D
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC1A8
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC1E3
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC21E
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC259
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC294
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC2CF
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC30A
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC345
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC380
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC3BB
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC3F6
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC431
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC46C
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC4A7
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC4E2
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC51D
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC558
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC593
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC5CE
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC609
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC644
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC67F
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC6BA
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC6F5
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC730
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC76B
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC7A6
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC7DE
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC819
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC854
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC88F
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC8CA
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC905
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC940
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC97B
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC9B6
GetProcAddress.KERNEL32 ref: 00007FFDFB8DC9F1
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCA2C
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCA67
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCAA2
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCADD
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCB18
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCB53
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCB8E
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCBC9
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCC04
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCC3F
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCC7A
_errno.MSVCRT ref: 00007FFDFB8DCCBA
GetModuleHandleW.KERNEL32 ref: 00007FFDFB8DCCD7
GetProcAddress.KERNEL32 ref: 00007FFDFB8DCCEE
LoadLibraryExA.KERNEL32 ref: 00007FFDFB8DCD08
FreeLibrary.KERNEL32 ref: 00007FFDFB8DCD4B
free.MSVCRT ref: 00007FFDFB8DCD54
_aligned_free.MSVCRT ref: 00007FFDFB8DD0AA
_aligned_free.MSVCRT ref: 00007FFDFB8DD0B1

Strings

cuTexObjectDestroy, xrefs: 00007FFDFB8DC5C7, 00007FFDFB8DC5D0
cuDevicePrimaryCtxGetState, xrefs: 00007FFDFB8DC0B5, 00007FFDFB8DC0BE
cuDeviceGetAttribute, xrefs: 00007FFDFB8DBA2A, 00007FFDFB8DBA33
cuMemsetD8Async, xrefs: 00007FFDFB8DBC92, 00007FFDFB8DBC9B
cuMipmappedArrayDestroy, xrefs: 00007FFDFB8DC8FE, 00007FFDFB8DC907
cuDeviceGetName, xrefs: 00007FFDFB8DBA62, 00007FFDFB8DBA6B
cuDevicePrimaryCtxReset, xrefs: 00007FFDFB8DC0F0, 00007FFDFB8DC0F9
cuStreamDestroy_v2, xrefs: 00007FFDFB8DC1DC, 00007FFDFB8DC1E5
cuMemcpyAsync, xrefs: 00007FFDFB8DBD40, 00007FFDFB8DBD49
nvcuda.dll, xrefs: 00007FFDFB8DB8C1, 00007FFDFB8DB8F9, 00007FFDFB8DB961, 00007FFDFB8DCD01, 00007FFDFB8DD0C1
cuLinkDestroy, xrefs: 00007FFDFB8DC465, 00007FFDFB8DC46E
cuDevicePrimaryCtxRelease, xrefs: 00007FFDFB8DC03F, 00007FFDFB8DC048
cuMemFree_v2, xrefs: 00007FFDFB8DBCCA, 00007FFDFB8DBCD3
cuMemAllocPitch_v2, xrefs: 00007FFDFB8DBC22, 00007FFDFB8DBC2B
cuLinkCreate, xrefs: 00007FFDFB8DC3B4, 00007FFDFB8DC3BD
cuGraphicsUnmapResources, xrefs: 00007FFDFB8DC6EE, 00007FFDFB8DC6F7
cuModuleUnload, xrefs: 00007FFDFB8DC4DB, 00007FFDFB8DC4E4
cuDeviceComputeCapability, xrefs: 00007FFDFB8DBA9A, 00007FFDFB8DBAA3
cuDevicePrimaryCtxSetFlags, xrefs: 00007FFDFB8DC07A, 00007FFDFB8DC083
cuInit, xrefs: 00007FFDFB8DB983, 00007FFDFB8DB98C
cuGraphicsResourceGetMappedPointer_v2, xrefs: 00007FFDFB8DC764, 00007FFDFB8DC76D
cuEGLStreamProducerReturnFrame, xrefs: 00007FFDFB8DCBC2, 00007FFDFB8DCBCB
cuEventQuery, xrefs: 00007FFDFB8DC303, 00007FFDFB8DC30C
cuMemcpyHtoDAsync_v2, xrefs: 00007FFDFB8DBE2C, 00007FFDFB8DBE35
cuGraphicsSubResourceGetMappedArray, xrefs: 00007FFDFB8DC729, 00007FFDFB8DC732
cuStreamQuery, xrefs: 00007FFDFB8DC166, 00007FFDFB8DC16F
cuGraphicsGLRegisterImage, xrefs: 00007FFDFB8DC63D, 00007FFDFB8DC646
cuMemAllocManaged, xrefs: 00007FFDFB8DBC5A, 00007FFDFB8DBC63
cuMemAlloc_v2, xrefs: 00007FFDFB8DBBEA, 00007FFDFB8DBBF3
cuMemcpy, xrefs: 00007FFDFB8DBD05, 00007FFDFB8DBD0E
cuGraphicsMapResources, xrefs: 00007FFDFB8DC6B3, 00007FFDFB8DC6BC
cuModuleLoadData, xrefs: 00007FFDFB8DC4A0, 00007FFDFB8DC4A9
cuMemcpyHtoD_v2, xrefs: 00007FFDFB8DBDF1, 00007FFDFB8DBDFA
cuArrayDestroy, xrefs: 00007FFDFB8DCA9B, 00007FFDFB8DCAA4
cuMemcpyDtoHAsync_v2, xrefs: 00007FFDFB8DBEA2, 00007FFDFB8DBEAB
cuWaitExternalSemaphoresAsync, xrefs: 00007FFDFB8DC9EA, 00007FFDFB8DC9F3
Loaded lib: %s, xrefs: 00007FFDFB8DB968
Loaded sym: %s, xrefs: 00007FFDFB8DB99F, 00007FFDFB8DB9D7, 00007FFDFB8DBA0F, 00007FFDFB8DBA47, 00007FFDFB8DBA7F, 00007FFDFB8DBAB7, 00007FFDFB8DBAEF, 00007FFDFB8DBB27, 00007FFDFB8DBB5F, 00007FFDFB8DBB97, 00007FFDFB8DBBCF, 00007FFDFB8DBC07, 00007FFDFB8DBC3F, 00007FFDFB8DBC77, 00007FFDFB8DBCAF, 00007FFDFB8DBCEA, 00007FFDFB8DBD25, 00007FFDFB8DBD60, 00007FFDFB8DBD9B, 00007FFDFB8DBDD6, 00007FFDFB8DBE11, 00007FFDFB8DBE4C, 00007FFDFB8DBE87, 00007FFDFB8DBEC2, 00007FFDFB8DBEFD, 00007FFDFB8DBF38, 00007FFDFB8DBF73, 00007FFDFB8DBFAE, 00007FFDFB8DBFE9, 00007FFDFB8DC024, 00007FFDFB8DC05F, 00007FFDFB8DC09A, 00007FFDFB8DC0D5, 00007FFDFB8DC110, 00007FFDFB8DC14B, 00007FFDFB8DC186, 00007FFDFB8DC1C1, 00007FFDFB8DC1FC, 00007FFDFB8DC237, 00007FFDFB8DC272, 00007FFDFB8DC2AD, 00007FFDFB8DC2E8, 00007FFDFB8DC323, 00007FFDFB8DC35E, 00007FFDFB8DC399, 00007FFDFB8DC3D4, 00007FFDFB8DC40F, 00007FFDFB8DC44A, 00007FFDFB8DC485, 00007FFDFB8DC4C0, 00007FFDFB8DC4FB, 00007FFDFB8DC536, 00007FFDFB8DC571, 00007FFDFB8DC5AC, 00007FFDFB8DC5E7, 00007FFDFB8DC622, 00007FFDFB8DC65D, 00007FFDFB8DC698, 00007FFDFB8DC6D3, 00007FFDFB8DC70E, 00007FFDFB8DC749, 00007FFDFB8DC784, 00007FFDFB8DC7BC, 00007FFDFB8DC7F7, 00007FFDFB8DC832, 00007FFDFB8DC86D, 00007FFDFB8DC8A8, 00007FFDFB8DC8E3, 00007FFDFB8DC91E, 00007FFDFB8DC959, 00007FFDFB8DC994, 00007FFDFB8DC9CF, 00007FFDFB8DCA0A, 00007FFDFB8DCA45, 00007FFDFB8DCA80, 00007FFDFB8DCABB, 00007FFDFB8DCAF6, 00007FFDFB8DCB31, 00007FFDFB8DCB6C, 00007FFDFB8DCBA7, 00007FFDFB8DCBE2, 00007FFDFB8DCC1D, 00007FFDFB8DCC58, 00007FFDFB8DCC93
cuEGLStreamProducerDisconnect, xrefs: 00007FFDFB8DCB11, 00007FFDFB8DCB1A
cuTexObjectCreate, xrefs: 00007FFDFB8DC58C, 00007FFDFB8DC595
cuGraphicsD3D11RegisterResource, xrefs: 00007FFDFB8DCC73, 00007FFDFB8DCC7C
cuImportExternalSemaphore, xrefs: 00007FFDFB8DC939, 00007FFDFB8DC942
cuCtxPushCurrent_v2, xrefs: 00007FFDFB8DBB42, 00007FFDFB8DBB4B
cuEventSynchronize, xrefs: 00007FFDFB8DC2C8, 00007FFDFB8DC2D1
cuDeviceGetUuid, xrefs: 00007FFDFB8DC79F, 00007FFDFB8DC7A8
cuLaunchKernel, xrefs: 00007FFDFB8DC379, 00007FFDFB8DC382
Cannot load %s, xrefs: 00007FFDFB8DCD20, 00007FFDFB8DD0C8
cuEventDestroy_v2, xrefs: 00007FFDFB8DC28D, 00007FFDFB8DC296
Cannot load optional %s, xrefs: 00007FFDFB8DCD70, 00007FFDFB8DCD90, 00007FFDFB8DCDB0, 00007FFDFB8DCDD0, 00007FFDFB8DCDF0, 00007FFDFB8DCE10, 00007FFDFB8DCE30, 00007FFDFB8DCE50, 00007FFDFB8DCE70, 00007FFDFB8DCE90, 00007FFDFB8DCEB0, 00007FFDFB8DCED0, 00007FFDFB8DCEF0, 00007FFDFB8DCF10, 00007FFDFB8DCF30, 00007FFDFB8DCF50
cuImportExternalMemory, xrefs: 00007FFDFB8DC7D7, 00007FFDFB8DC7E0
cuModuleGetFunction, xrefs: 00007FFDFB8DC516, 00007FFDFB8DC51F
cuGLGetDevices_v2, xrefs: 00007FFDFB8DC602, 00007FFDFB8DC60B
cuStreamSynchronize, xrefs: 00007FFDFB8DC1A1, 00007FFDFB8DC1AA
cuCtxPopCurrent_v2, xrefs: 00007FFDFB8DBB7A, 00007FFDFB8DBB83
SetDefaultDllDirectories, xrefs: 00007FFDFB8DB920, 00007FFDFB8DCCE4
cuEventRecord, xrefs: 00007FFDFB8DC33E, 00007FFDFB8DC347
cuD3D11GetDevices, xrefs: 00007FFDFB8DCC38, 00007FFDFB8DCC41
cuCtxGetDevice, xrefs: 00007FFDFB8DBFC9, 00007FFDFB8DBFD2
cuEGLStreamProducerPresentFrame, xrefs: 00007FFDFB8DCB87, 00007FFDFB8DCB90
cuEGLStreamConsumerDisconnect, xrefs: 00007FFDFB8DCB4C, 00007FFDFB8DCB55
cuMemcpyDtoD_v2, xrefs: 00007FFDFB8DBEDD, 00007FFDFB8DBEE6
cuLinkAddData, xrefs: 00007FFDFB8DC3EF, 00007FFDFB8DC3F8
cuD3D11GetDevice, xrefs: 00007FFDFB8DCBFD, 00007FFDFB8DCC06
cuSignalExternalSemaphoresAsync, xrefs: 00007FFDFB8DC9AF, 00007FFDFB8DC9B8
cuGraphicsUnregisterResource, xrefs: 00007FFDFB8DC678, 00007FFDFB8DC681
cuCtxSetLimit, xrefs: 00007FFDFB8DBB0A, 00007FFDFB8DBB13
cuMipmappedArrayGetLevel, xrefs: 00007FFDFB8DC8C3, 00007FFDFB8DC8CC
cuLinkComplete, xrefs: 00007FFDFB8DC42A, 00007FFDFB8DC433
cuGetErrorString, xrefs: 00007FFDFB8DBF8E, 00007FFDFB8DBF97
cuDeviceGet, xrefs: 00007FFDFB8DB9F2, 00007FFDFB8DB9FB
cuCtxCreate_v2, xrefs: 00007FFDFB8DBAD2, 00007FFDFB8DBADB
cuModuleGetGlobal, xrefs: 00007FFDFB8DC551, 00007FFDFB8DC55A
cuMemcpy2D_v2, xrefs: 00007FFDFB8DBD7B, 00007FFDFB8DBD84
cuArray3DCreate_v2, xrefs: 00007FFDFB8DCA60, 00007FFDFB8DCA69
cuStreamAddCallback, xrefs: 00007FFDFB8DC217, 00007FFDFB8DC220
cuEventCreate, xrefs: 00007FFDFB8DC252, 00007FFDFB8DC25B
cuStreamCreate, xrefs: 00007FFDFB8DC12B, 00007FFDFB8DC134
cuDevicePrimaryCtxRetain, xrefs: 00007FFDFB8DC004, 00007FFDFB8DC00D
cuExternalMemoryGetMappedBuffer, xrefs: 00007FFDFB8DC84D, 00007FFDFB8DC856
kernel32.dll, xrefs: 00007FFDFB8DB90C, 00007FFDFB8DCCD0
cuDestroyExternalMemory, xrefs: 00007FFDFB8DC812, 00007FFDFB8DC81B
cuEGLStreamProducerConnect, xrefs: 00007FFDFB8DCAD6, 00007FFDFB8DCADF
cuArrayCreate_v2, xrefs: 00007FFDFB8DCA25, 00007FFDFB8DCA2E
cuGetErrorName, xrefs: 00007FFDFB8DBF53, 00007FFDFB8DBF5C
cuDestroyExternalSemaphore, xrefs: 00007FFDFB8DC974, 00007FFDFB8DC97D
cuMemcpyDtoDAsync_v2, xrefs: 00007FFDFB8DBF18, 00007FFDFB8DBF21
cuCtxDestroy_v2, xrefs: 00007FFDFB8DBBB2, 00007FFDFB8DBBBB
cuDeviceGetCount, xrefs: 00007FFDFB8DB9BA, 00007FFDFB8DB9C3
cuExternalMemoryGetMappedMipmappedArray, xrefs: 00007FFDFB8DC888, 00007FFDFB8DC891
cuMemcpyDtoH_v2, xrefs: 00007FFDFB8DBE67, 00007FFDFB8DBE70
cuMemcpy2DAsync_v2, xrefs: 00007FFDFB8DBDB6, 00007FFDFB8DBDBF

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: AddressProc$Library$_aligned_free$ByteCharFreeHandleLoadModuleMultiWidefree$_errnocalloc
String ID: Cannot load %s$Cannot load optional %s$Loaded lib: %s$Loaded sym: %s$SetDefaultDllDirectories$cuArray3DCreate_v2$cuArrayCreate_v2$cuArrayDestroy$cuCtxCreate_v2$cuCtxDestroy_v2$cuCtxGetDevice$cuCtxPopCurrent_v2$cuCtxPushCurrent_v2$cuCtxSetLimit$cuD3D11GetDevice$cuD3D11GetDevices$cuDestroyExternalMemory$cuDestroyExternalSemaphore$cuDeviceComputeCapability$cuDeviceGet$cuDeviceGetAttribute$cuDeviceGetCount$cuDeviceGetName$cuDeviceGetUuid$cuDevicePrimaryCtxGetState$cuDevicePrimaryCtxRelease$cuDevicePrimaryCtxReset$cuDevicePrimaryCtxRetain$cuDevicePrimaryCtxSetFlags$cuEGLStreamConsumerDisconnect$cuEGLStreamProducerConnect$cuEGLStreamProducerDisconnect$cuEGLStreamProducerPresentFrame$cuEGLStreamProducerReturnFrame$cuEventCreate$cuEventDestroy_v2$cuEventQuery$cuEventRecord$cuEventSynchronize$cuExternalMemoryGetMappedBuffer$cuExternalMemoryGetMappedMipmappedArray$cuGLGetDevices_v2$cuGetErrorName$cuGetErrorString$cuGraphicsD3D11RegisterResource$cuGraphicsGLRegisterImage$cuGraphicsMapResources$cuGraphicsResourceGetMappedPointer_v2$cuGraphicsSubResourceGetMappedArray$cuGraphicsUnmapResources$cuGraphicsUnregisterResource$cuImportExternalMemory$cuImportExternalSemaphore$cuInit$cuLaunchKernel$cuLinkAddData$cuLinkComplete$cuLinkCreate$cuLinkDestroy$cuMemAllocManaged$cuMemAllocPitch_v2$cuMemAlloc_v2$cuMemFree_v2$cuMemcpy$cuMemcpy2DAsync_v2$cuMemcpy2D_v2$cuMemcpyAsync$cuMemcpyDtoDAsync_v2$cuMemcpyDtoD_v2$cuMemcpyDtoHAsync_v2$cuMemcpyDtoH_v2$cuMemcpyHtoDAsync_v2$cuMemcpyHtoD_v2$cuMemsetD8Async$cuMipmappedArrayDestroy$cuMipmappedArrayGetLevel$cuModuleGetFunction$cuModuleGetGlobal$cuModuleLoadData$cuModuleUnload$cuSignalExternalSemaphoresAsync$cuStreamAddCallback$cuStreamCreate$cuStreamDestroy_v2$cuStreamQuery$cuStreamSynchronize$cuTexObjectCreate$cuTexObjectDestroy$cuWaitExternalSemaphoresAsync$kernel32.dll$nvcuda.dll
API String ID: 3405737670-3447704524
Opcode ID: 4af3281c0e25db81b3078cec52e73783fda2d96fdf649ea0d565a5970141e5c3
Instruction ID: 312a6c84d4cab1bee1cd9315eda6585dcdddda6e224e117164dada955dd1ed47
Opcode Fuzzy Hash: 4af3281c0e25db81b3078cec52e73783fda2d96fdf649ea0d565a5970141e5c3
Instruction Fuzzy Hash: D6D2D324B2BE4791EB05EF60E870AF92795AF88744FC49532D82D4B6F9DE3CE506C250

Function 00007FFDFB8DFDF0 Relevance: 140.7, APIs: 62, Strings: 18, Instructions: 667libraryloaderCOMMON

Download Yara Rule

APIs

atoi.MSVCRT ref: 00007FFDFB8DFE1E
MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8DFE84
MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8DFEC6
GetProcAddress.KERNEL32 ref: 00007FFDFB8DFEEE
LoadLibraryExW.KERNEL32 ref: 00007FFDFB8DFF04
_aligned_free.MSVCRT ref: 00007FFDFB8DFF12
MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8DFF50
MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8DFF9A
GetProcAddress.KERNEL32 ref: 00007FFDFB8DFFB4
LoadLibraryExW.KERNEL32 ref: 00007FFDFB8DFFCA
_aligned_free.MSVCRT ref: 00007FFDFB8DFFD6
GetProcAddress.KERNEL32 ref: 00007FFDFB8DFFF2
GetProcAddress.KERNEL32 ref: 00007FFDFB8E00D6
GetDesktopWindow.USER32 ref: 00007FFDFB8E014A
_errno.MSVCRT ref: 00007FFDFB8E0220
GetProcAddress.KERNEL32 ref: 00007FFDFB8E0256
LoadLibraryExA.KERNEL32 ref: 00007FFDFB8E0270
_errno.MSVCRT ref: 00007FFDFB8E027B
GetProcAddress.KERNEL32 ref: 00007FFDFB8E02A8
_aligned_free.MSVCRT ref: 00007FFDFB8E02B5
_aligned_free.MSVCRT ref: 00007FFDFB8E02BC
GetProcAddress.KERNEL32 ref: 00007FFDFB8E0398
GetDesktopWindow.USER32 ref: 00007FFDFB8E03EB

Strings

Failed to bind Direct3D device to device manager, xrefs: 00007FFDFB8E096C
Failed to load DXVA2 library, xrefs: 00007FFDFB8E02C9
Failed to open device handle, xrefs: 00007FFDFB8E09A8
Failed to locate DXVA2CreateDirect3DDeviceManager9, xrefs: 00007FFDFB8E094E
kernel32.dll, xrefs: 00007FFDFB8DFECF, 00007FFDFB8DFF9C, 00007FFDFB8E0237, 00007FFDFB8E0290
DXVA2CreateDirect3DDeviceManager9, xrefs: 00007FFDFB8DFFE8
d3d9.dll, xrefs: 00007FFDFB8DFE5A, 00007FFDFB8DFEB5, 00007FFDFB8E0269
&, xrefs: 00007FFDFB8E0408
Failed to create IDirect3D object, xrefs: 00007FFDFB8E0A18
Failed to locate Direct3DCreate9, xrefs: 00007FFDFB8E0A50
SetDefaultDllDirectories, xrefs: 00007FFDFB8DFEE4, 00007FFDFB8DFFAA, 00007FFDFB8E024C, 00007FFDFB8E029E
Failed to create Direct3D device, xrefs: 00007FFDFB8E0425
Failed to create Direct3D device manager, xrefs: 00007FFDFB8E098A
dxva2.dll, xrefs: 00007FFDFB8DFF36, 00007FFDFB8DFF89, 00007FFDFB8E0598
Direct3DCreate9Ex, xrefs: 00007FFDFB8E0011
Direct3DCreate9, xrefs: 00007FFDFB8E030F
Using D3D9Ex device., xrefs: 00007FFDFB8E019A
Failed to load D3D9 library, xrefs: 00007FFDFB8E05C5

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: AddressProc$ByteCharMultiWide_aligned_free$LibraryLoad$DesktopWindow_errno$atoi
String ID: &$DXVA2CreateDirect3DDeviceManager9$Direct3DCreate9$Direct3DCreate9Ex$Failed to bind Direct3D device to device manager$Failed to create Direct3D device$Failed to create Direct3D device manager$Failed to create IDirect3D object$Failed to load D3D9 library$Failed to load DXVA2 library$Failed to locate DXVA2CreateDirect3DDeviceManager9$Failed to locate Direct3DCreate9$Failed to open device handle$SetDefaultDllDirectories$Using D3D9Ex device.$d3d9.dll$dxva2.dll$kernel32.dll
API String ID: 1760633067-2418308259
Opcode ID: 1b8f3b45278436593ea4620b683ff6dcafb812b761b95205c1ba724c4eb98057
Instruction ID: 304fdd3fd94d9304a29020245a5146e51082f6671dcd28fd9318264e9c869c36
Opcode Fuzzy Hash: 1b8f3b45278436593ea4620b683ff6dcafb812b761b95205c1ba724c4eb98057
Instruction Fuzzy Hash: EA529D31B1AB8381EB589B91E825BBA6790FBC8B84F504835D9AD577E9DF7CE004C740

Function 00007FFE1A503AA7 Relevance: 130.3, APIs: 64, Strings: 10, Instructions: 798COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A503940: av_channel_layout_describe.AVUTIL-58 ref: 00007FFE1A503999
Part of subcall function 00007FFE1A503940: av_log.AVUTIL-58 ref: 00007FFE1A5039B0

av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A503BBE
av_channel_layout_subset.AVUTIL-58 ref: 00007FFE1A503BCF
av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A503BDC
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A503C2E
av_channel_layout_subset.AVUTIL-58 ref: 00007FFE1A503C3F
av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A503C4C
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A503CA3
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A503CD3
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FFE1A503CE4
av_channel_layout_describe.AVUTIL-58 ref: 00007FFE1A503CF5
av_log.AVUTIL-58 ref: 00007FFE1A503D0C
av_channel_layout_check.AVUTIL-58 ref: 00007FFE1A503D14
av_log.AVUTIL-58 ref: 00007FFE1A503D32
av_channel_layout_describe.AVUTIL-58 ref: 00007FFE1A503D5A
av_log.AVUTIL-58 ref: 00007FFE1A503D71
av_channel_layout_check.AVUTIL-58 ref: 00007FFE1A503D7E
av_log.AVUTIL-58 ref: 00007FFE1A503D9C
av_channel_layout_describe.AVUTIL-58 ref: 00007FFE1A503DCB
av_log.AVUTIL-58 ref: 00007FFE1A503DE2
av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A504A05
av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A504A0F

Strings

Input channel layout '%s' is not supported, xrefs: 00007FFE1A503D6A
Output channel layout is invalid, xrefs: 00007FFE1A503D87
Full-on remixing from 22.2 has not yet been implemented! Processing the input as '%s', xrefs: 00007FFE1A503D05
%s:%f , xrefs: 00007FFE1A5049C3
src/libswresample/rematrix.c, xrefs: 00007FFE1A503F3B
Matrix coefficients:, xrefs: 00007FFE1A504924
Assertion %s failed at %s:%d, xrefs: 00007FFE1A503F52
%s: , xrefs: 00007FFE1A50497A
Input channel layout is invalid, xrefs: 00007FFE1A503D1D
Output channel layout '%s' is not supported, xrefs: 00007FFE1A503DDB

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_log$av_channel_layout_compareav_channel_layout_describeav_channel_layout_uninit$av_channel_layout_checkav_channel_layout_subset$av_channel_layout_from_mask
String ID: %s: $%s:%f $Assertion %s failed at %s:%d$Full-on remixing from 22.2 has not yet been implemented! Processing the input as '%s'$Input channel layout '%s' is not supported$Input channel layout is invalid$Matrix coefficients:$Output channel layout '%s' is not supported$Output channel layout is invalid$src/libswresample/rematrix.c
API String ID: 2619559304-3174812640
Opcode ID: 5aa9f050ff1bdde174cdacfa5c37e80b8c215c118cb67db339f9d22cf6abd8d3
Instruction ID: 38d5bcb430d9f48aaede874475f59e1343f165014ec5699e28155d614b2f181d
Opcode Fuzzy Hash: 5aa9f050ff1bdde174cdacfa5c37e80b8c215c118cb67db339f9d22cf6abd8d3
Instruction Fuzzy Hash: 82828322F1CF8585E272CE2295103BFA765FF97BA4F5083B3DA4A66566EF3CD0418600

Function 00007FFE1A527508 Relevance: 90.2, APIs: 36, Strings: 15, Instructions: 913COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A5275A4
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52768B
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A5276D6
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A5276F7
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A527767
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A527779

Strings

[thunk]:, xrefs: 00007FFE1A5282E1
/, xrefs: 00007FFE1A52801E
virtual , xrefs: 00007FFE1A528199
`vtordisp{, xrefs: 00007FFE1A527BDD
`template static data member destructor helper', xrefs: 00007FFE1A528017
`adjustor{, xrefs: 00007FFE1A527C3C
`vtordispex{, xrefs: 00007FFE1A527B08
}' , xrefs: 00007FFE1A527726, 00007FFE1A527C67
`template static data member constructor helper', xrefs: 00007FFE1A527FD4
private: , xrefs: 00007FFE1A528216
protected: , xrefs: 00007FFE1A528248
extern "C" , xrefs: 00007FFE1A528336
static , xrefs: 00007FFE1A528122
`local static destructor helper', xrefs: 00007FFE1A527F96
public: , xrefs: 00007FFE1A52826F

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
API String ID: 2943138195-2884338863
Opcode ID: dfe3c345cf42f50a30eb54d6b673e306e5f826d7c41941afd65b24be17fee6d5
Instruction ID: bf0051866e047ae599fab1da88f18747080293080362949d84405af7ef701cc9
Opcode Fuzzy Hash: dfe3c345cf42f50a30eb54d6b673e306e5f826d7c41941afd65b24be17fee6d5
Instruction Fuzzy Hash: 35927132B1CE8286E741CBA5E4802BE77A1FB95764F5011B7FA8D42AA9DF7CD544CB00

Function 00007FFE1A504B4A Relevance: 83.2, APIs: 43, Strings: 4, Instructions: 981COMMON

Download Yara Rule

APIs

av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FFE1A504BAC
av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FFE1A504BC5
av_calloc.AVUTIL-58 ref: 00007FFE1A504C81
av_mallocz.AVUTIL-58 ref: 00007FFE1A504C93
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A504DAC
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A504DF3
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A504E3C
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A504ED5
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A504F19
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505047
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A50508E
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A5050D7
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505170
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A5051B4
av_calloc.AVUTIL-58 ref: 00007FFE1A5052AA
av_mallocz.AVUTIL-58 ref: 00007FFE1A5052BC
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505380
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A5053C7
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505410
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A5054A9
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A5054ED
av_calloc.AVUTIL-58 ref: 00007FFE1A5055E3
av_mallocz.AVUTIL-58 ref: 00007FFE1A5055F5
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A5056BD
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505704
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A50574D
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A5057E6
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A50582A
av_mallocz.AVUTIL-58 ref: 00007FFE1A505918
av_calloc.AVUTIL-58 ref: 00007FFE1A505937
av_freep.AVUTIL-58 ref: 00007FFE1A505963
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505A2C
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505A73
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505ABC
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505B55
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A505B99
av_log.AVUTIL-58 ref: 00007FFE1A505C71
abort.MSVCRT ref: 00007FFE1A505C76
av_get_cpu_flags.AVUTIL-58 ref: 00007FFE1A5072E3
av_calloc.AVUTIL-58 ref: 00007FFE1A507341
av_mallocz.AVUTIL-58 ref: 00007FFE1A507352

Strings

@, xrefs: 00007FFE1A504C24
src/libswresample/rematrix.c, xrefs: 00007FFE1A505C4B
?, xrefs: 00007FFE1A505AAA
Assertion %s failed at %s:%d, xrefs: 00007FFE1A505C62

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_compare$av_callocav_mallocz$av_get_packed_sample_fmt$abortav_freepav_get_cpu_flagsav_log
String ID: ?$@$Assertion %s failed at %s:%d$src/libswresample/rematrix.c
API String ID: 589828794-1409810779
Opcode ID: 5188afd4967a419cf0fd434335850466d59e66cd640ed80c7eb5b51fe742ae3d
Instruction ID: 7464aee8cd7e1a14499ba32685afd6fbf33e5eb4e8f586e5eac5b5f9cdfeae20
Opcode Fuzzy Hash: 5188afd4967a419cf0fd434335850466d59e66cd640ed80c7eb5b51fe742ae3d
Instruction Fuzzy Hash: B0A2FA72B0CE4A45EB618B3292597BE6268FF02BE4F5181F6CB4D572A5DF3CA049C704

Function 00007FF7E74D2A10 Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 209stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E74D2A7F
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E74D2A87
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D2A93
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D2AAA

Part of subcall function 00007FF7E74D2320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF7E74D29D8,?,?,?,00007FF7E74D12F1), ref: 00007FF7E74D2357

brealloc.OBS ref: 00007FF7E74D2AD2
memmove.VCRUNTIME140 ref: 00007FF7E74D2B16
pthread_mutex_init.W32-PTHREADS ref: 00007FF7E74D2B36
os_event_init.OBS ref: 00007FF7E74D2B44
os_event_init.OBS ref: 00007FF7E74D2B52
pthread_create.W32-PTHREADS ref: 00007FF7E74D2B6A
av_malloc.AVUTIL-58 ref: 00007FF7E74D2B74
avio_alloc_context.AVFORMAT-60 ref: 00007FF7E74D2BA7
av_dict_parse_string.AVUTIL-58 ref: 00007FF7E74D2BDE
av_strerror.AVUTIL-58 ref: 00007FF7E74D2C06
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D2C10
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D2C2B
av_dict_free.AVUTIL-58 ref: 00007FF7E74D2C34
av_dict_count.AVUTIL-58 ref: 00007FF7E74D2C3D
printf.MSPDB140-MSVCRT ref: 00007FF7E74D2C4D
av_dict_get.AVUTIL-58 ref: 00007FF7E74D2C66
printf.MSPDB140-MSVCRT ref: 00007FF7E74D2C8E
av_dict_get.AVUTIL-58 ref: 00007FF7E74D2CA7
printf.MSPDB140-MSVCRT ref: 00007FF7E74D2CBB
avformat_write_header.AVFORMAT-60 ref: 00007FF7E74D2CC7
av_strerror.AVUTIL-58 ref: 00007FF7E74D2CF5
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D2CFF
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D2D17
av_dict_free.AVUTIL-58 ref: 00007FF7E74D2D20

Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D204A
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D2065
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D2080
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D209B
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D20B6

avio_open.AVFORMAT-60 ref: 00007FF7E74D2D41
av_strerror.AVUTIL-58 ref: 00007FF7E74D2D6D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D2D77
av_dict_free.AVUTIL-58 ref: 00007FF7E74D2D8A

Strings

Couldn't open '%s', %s, xrefs: 00007FF7E74D2AA0
%s=%s, xrefs: 00007FF7E74D2C84
Using muxer settings:, xrefs: 00007FF7E74D2C46
Error opening '%s': %s, xrefs: 00007FF7E74D2D10
Failed to parse muxer settings: %s%s, xrefs: 00007FF7E74D2C24

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp$__acrt_iob_func$av_dict_freeav_strerrorfprintfprintf$av_dict_getos_event_init$__stdio_common_vfprintf_errnoav_dict_countav_dict_parse_stringav_mallocavformat_write_headeravio_alloc_contextavio_openbreallocmemmovepthread_createpthread_mutex_initstrerror
String ID: %s=%s$Couldn't open '%s', %s$Error opening '%s': %s$Failed to parse muxer settings: %s%s$Using muxer settings:
API String ID: 2783795328-2826353358
Opcode ID: 0ced714b6d2bafb841ab697dc7cb68e417ab27a254e86fbca716fd3c82a395c5
Instruction ID: f2b1131dce6a0a655e4f10ceb9f189719be8e1b5b18b5002c8e68621a32d4f92
Opcode Fuzzy Hash: 0ced714b6d2bafb841ab697dc7cb68e417ab27a254e86fbca716fd3c82a395c5
Instruction Fuzzy Hash: 3DA18122B08A8291E755FB21D4903F8A360FB5A788FC18137EBAD47645DF3CE15A8351

Function 00007FF7E74D2EE0 Relevance: 54.6, APIs: 29, Strings: 2, Instructions: 313COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF7E74D2F39
SetErrorMode.KERNEL32 ref: 00007FF7E74D2F5D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D2F6B
WideCharToMultiByte.KERNEL32 ref: 00007FF7E74D2FD8
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D2FE7
WideCharToMultiByte.KERNEL32 ref: 00007FF7E74D3016
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D3044
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D304D
_setmode.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D305A
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D3065
setvbuf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D3077
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D3098
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D30A8
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D30F8
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D311C
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D3167
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D3177
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D319A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D31A3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D31C5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D31D6
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D3215
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D3239
av_rescale_q_rnd.AVUTIL-58 ref: 00007FF7E74D330C
av_rescale_q_rnd.AVUTIL-58 ref: 00007FF7E74D3344
av_interleaved_write_frame.AVFORMAT-60 ref: 00007FF7E74D336D
av_strerror.AVUTIL-58 ref: 00007FF7E74D33BA
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D33C4
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D33DE

Part of subcall function 00007FF7E74D2320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF7E74D29D8,?,?,?,00007FF7E74D12F1), ref: 00007FF7E74D2357

Strings

av_interleaved_write_frame failed: %d: %s, xrefs: 00007FF7E74D33D7
Couldn't initialize muxer, xrefs: 00007FF7E74D30A1, 00007FF7E74D3170

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_func$freemalloc$fprintf$ByteCharMultiWideav_rescale_q_rndrealloc$ErrorMode__stdio_common_vfprintf_fileno_setmodeav_interleaved_write_frameav_strerrormemsetsetvbuf
String ID: Couldn't initialize muxer$av_interleaved_write_frame failed: %d: %s
API String ID: 4192084208-164389310
Opcode ID: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
Instruction ID: 04c6f9004def238fa59b935b016f0d2ffb5a7d8e11601a823b59368e99ba616a
Opcode Fuzzy Hash: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
Instruction Fuzzy Hash: 4CE19222A08A82C6EB60AF61D8903BDA7A1FB4AB84F814137DF9D17754DF3CD54AC711

Function 00007FFDFB8CC2F0 Relevance: 51.3, APIs: 25, Strings: 4, Instructions: 582stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8CC347
strtol.MSVCRT ref: 00007FFDFB8CC3ED
strchr.MSVCRT ref: 00007FFDFB8CC462
strcmp.MSVCRT ref: 00007FFDFB8CC564
_aligned_free.MSVCRT ref: 00007FFDFB8CC594
_aligned_free.MSVCRT ref: 00007FFDFB8CC59E
_aligned_free.MSVCRT ref: 00007FFDFB8CC5D5

Strings

%d channels (%[^)], xrefs: 00007FFDFB8CC44B
channels, xrefs: 00007FFDFB8CCB80
ambisonic , xrefs: 00007FFDFB8CC3A0
mono, xrefs: 00007FFDFB8CC317

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strcmp$strchrstrtol
String ID: channels$%d channels (%[^)]$ambisonic $mono
API String ID: 6235670-221731140
Opcode ID: 9a9eb1e0a00dde1935faf8ff688298a0d262cbf1e4cfcb0e70de2c1dca8238e4
Instruction ID: 430353f853a23df41cf277a45aadc5718d41f9316192123338c67867a790714e
Opcode Fuzzy Hash: 9a9eb1e0a00dde1935faf8ff688298a0d262cbf1e4cfcb0e70de2c1dca8238e4
Instruction Fuzzy Hash: 61424FF2B1968385EB648B15E460B7A6791FBC4780F548036DAAD47FE9DE3CE441CB80

Function 00007FFE1A4F8DB0 Relevance: 42.1, APIs: 12, Strings: 12, Instructions: 108COMMON

Download Yara Rule

APIs

av_opt_set_chlayout.AVUTIL-58 ref: 00007FFE1A4F8DFE
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8E1B
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8E38
av_opt_set_chlayout.AVUTIL-58 ref: 00007FFE1A4F8E5A
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8E7C
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8E9E
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8EBB
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8ED0
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8EE5
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8EFA
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8F0F
av_log.AVUTIL-58 ref: 00007FFE1A4F8F53

Strings

ichl, xrefs: 00007FFE1A4F8E50
Failed to set option, xrefs: 00007FFE1A4F8F40
ich, xrefs: 00007FFE1A4F8EF3
uch, xrefs: 00007FFE1A4F8EB1
osf, xrefs: 00007FFE1A4F8E11
ocl, xrefs: 00007FFE1A4F8EDE
ochl, xrefs: 00007FFE1A4F8DE7
osr, xrefs: 00007FFE1A4F8E2E
isr, xrefs: 00007FFE1A4F8E94
isf, xrefs: 00007FFE1A4F8E72
icl, xrefs: 00007FFE1A4F8EC9
och, xrefs: 00007FFE1A4F8F08

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_opt_set_chlayout$av_log
String ID: Failed to set option$ich$ichl$icl$isf$isr$och$ochl$ocl$osf$osr$uch
API String ID: 4144258317-3247528414
Opcode ID: 10ab7c08c9e10468c087a0fc18b47031af3b6046317781463100eb67561eeeb0
Instruction ID: 556d7b80981b9b0d8219bf8b96454445277f8de2a335780ce714fdfb92d5770b
Opcode Fuzzy Hash: 10ab7c08c9e10468c087a0fc18b47031af3b6046317781463100eb67561eeeb0
Instruction Fuzzy Hash: FF415165B0CB5341F6649727AA52BBF1651AF47BE8F8064F3DE4C47A65EE3CE0058700

Function 00007FFDFB8F2D90 Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 203COMMON

Download Yara Rule

APIs

_read.MSVCRT ref: 00007FFDFB8F2E0D
_close.MSVCRT ref: 00007FFDFB8F2E17
_read.MSVCRT ref: 00007FFDFB8F2E48
_close.MSVCRT ref: 00007FFDFB8F2E52
clock.MSVCRT ref: 00007FFDFB8F2EF9

Strings

src/libavutil/random_seed.c, xrefs: 00007FFDFB8F3069
RNG, xrefs: 00007FFDFB8F2DA7
N, xrefs: 00007FFDFB8F3087
/dev/urandom, xrefs: 00007FFDFB8F2DEC
Microsoft Primitive Provider, xrefs: 00007FFDFB8F2DA0
sizeof(tmp) >= av_sha_size, xrefs: 00007FFDFB8F3070
/dev/random, xrefs: 00007FFDFB8F2E27
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8F3080

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _close_read$clock
String ID: /dev/random$/dev/urandom$Assertion %s failed at %s:%d$Microsoft Primitive Provider$N$RNG$sizeof(tmp) >= av_sha_size$src/libavutil/random_seed.c
API String ID: 3077350862-4220122895
Opcode ID: 42a263d787bb1900c231adad2bae4144787def7db549a8d8b5a27e8b710399cc
Instruction ID: 22ac1bf07fb3e6039acdf138da958f19c28e3aa84f6dd7d46274793605c2525d
Opcode Fuzzy Hash: 42a263d787bb1900c231adad2bae4144787def7db549a8d8b5a27e8b710399cc
Instruction Fuzzy Hash: FD712B72B2A54345F7189F24E961AB93B91EB84784F504136E62E47AFDEF7CE904C700

Function 00007FFDFB8EF2C0 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 461COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFDFB8EF94F
_errno.MSVCRT ref: 00007FFDFB8EF977

Strings

%J:%M:%S, xrefs: 00007FFDFB8EF331
now, xrefs: 00007FFDFB8EF613
%H%M%S, xrefs: 00007FFDFB8EF6A9
%Y%m%d, xrefs: 00007FFDFB8EF64D
%Y - %m - %d, xrefs: 00007FFDFB8EF62C
%H:%M:%S, xrefs: 00007FFDFB8EF68E
%M:%S, xrefs: 00007FFDFB8EF923
AliceBlue, xrefs: 00007FFDFB8EF5CD
%H:%M, xrefs: 00007FFDFB8EF57A
+, xrefs: 00007FFDFB8EF5A4

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: %H%M%S$%H:%M$%H:%M:%S$%J:%M:%S$%M:%S$%Y - %m - %d$%Y%m%d$+$AliceBlue$now
API String ID: 2918714741-785088730
Opcode ID: 8cc4219109180221a37125365c6cb82e6481bf229ae85591e8e1ba171042397c
Instruction ID: 5dbe39bc054be3481fae48e09859f9fbafe283ddcc2659cc23967339511ab624
Opcode Fuzzy Hash: 8cc4219109180221a37125365c6cb82e6481bf229ae85591e8e1ba171042397c
Instruction Fuzzy Hash: 79023A62B2E69746FB288B65E460B7A7B91EBC0744F548131DA6D07BFCDE3DE4058B00

Function 00007FFDFB8CD9B0 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 272COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8CD9FF

Strings

src/libavutil/crc.c, xrefs: 00007FFDFB8CD9D4, 00007FFDFB8CDA34, 00007FFDFB8CDA94, 00007FFDFB8CDAF4, 00007FFDFB8CDB54, 00007FFDFB8CDBB4
av_crc_init(av_crc_table[AV_CRC_24_IEEE], 0, 24, 0x864CFB, sizeof(av_crc_table[AV_CRC_24_IEEE])) >= 0, xrefs: 00007FFDFB8CDB5B
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8CD9EB, 00007FFDFB8CDA4B, 00007FFDFB8CDAAB, 00007FFDFB8CDB0B, 00007FFDFB8CDB6B, 00007FFDFB8CDBCB
av_crc_init(av_crc_table[AV_CRC_16_CCITT], 0, 16, 0x1021, sizeof(av_crc_table[AV_CRC_16_CCITT])) >= 0, xrefs: 00007FFDFB8CDAFB
av_crc_init(av_crc_table[AV_CRC_32_IEEE], 0, 32, 0x04C11DB7, sizeof(av_crc_table[AV_CRC_32_IEEE])) >= 0, xrefs: 00007FFDFB8CDBBB
av_crc_init(av_crc_table[AV_CRC_8_ATM], 0, 8, 0x07, sizeof(av_crc_table[AV_CRC_8_ATM])) >= 0, xrefs: 00007FFDFB8CD9DB, 00007FFDFB8CDA3B, 00007FFDFB8CDA9B

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_CCITT], 0, 16, 0x1021, sizeof(av_crc_table[AV_CRC_16_CCITT])) >= 0$av_crc_init(av_crc_table[AV_CRC_24_IEEE], 0, 24, 0x864CFB, sizeof(av_crc_table[AV_CRC_24_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE], 0, 32, 0x04C11DB7, sizeof(av_crc_table[AV_CRC_32_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_8_ATM], 0, 8, 0x07, sizeof(av_crc_table[AV_CRC_8_ATM])) >= 0$src/libavutil/crc.c
API String ID: 4206212132-2611614167
Opcode ID: 92c9e43b5e3701d523069e98b3d843c3635d7b65042acc036af35ff1e6a13f27
Instruction ID: 31e88fea501d8e827223567a019b94ca9124ee02cdbd36b0d4499603fa3931bd
Opcode Fuzzy Hash: 92c9e43b5e3701d523069e98b3d843c3635d7b65042acc036af35ff1e6a13f27
Instruction Fuzzy Hash: 31A194B2F2AA4747E704AF64D861BF92690EB95304FC88136D62DC66FADE7DE105C700

Function 00007FFDFB8DED32 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 176libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFDFB8DED8A

Strings

Using device %04x:%04x (%ls)., xrefs: 00007FFDFB8DEEEF
Failed to create Direct3D device (%lx), xrefs: 00007FFDFB8DF02D
d3d11_1sdklayers.dll, xrefs: 00007FFDFB8DED80
debug, xrefs: 00007FFDFB8DED66
dxgidebug.dll, xrefs: 00007FFDFB8DEF50
Failed to load D3D11 library or its functions, xrefs: 00007FFDFB8DF00B
DXGIGetDebugInterface, xrefs: 00007FFDFB8DEF65

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: LibraryLoad
String ID: DXGIGetDebugInterface$Failed to create Direct3D device (%lx)$Failed to load D3D11 library or its functions$Using device %04x:%04x (%ls).$d3d11_1sdklayers.dll$debug$dxgidebug.dll
API String ID: 1029625771-4247103231
Opcode ID: 5e2a214d2a33974e5b6e87ebf4458333bd18d13c46bc31c7c438c065be5d4816
Instruction ID: 5d7b742d57c70280b5f52fa5198c23d2c1c4a1aa256a5ad721e42d9ff3a8a77c
Opcode Fuzzy Hash: 5e2a214d2a33974e5b6e87ebf4458333bd18d13c46bc31c7c438c065be5d4816
Instruction Fuzzy Hash: 49711B22B1AA4382EF109B25E460B6A67A0FFC8B84F545536DA6D47BF8DF3DE404C740

Function 00007FFDFB8EC650 Relevance: 16.8, APIs: 1, Strings: 10, Instructions: 299COMMON

Download Yara Rule

Strings

%d%*1[:/]%d%c, xrefs: 00007FFDFB8ECB60
const_values array too small for %s, xrefs: 00007FFDFB8ECB8A
default, xrefs: 00007FFDFB8EC784
Unable to parse option value "%s", xrefs: 00007FFDFB8ECBAE
The "%s" option is deprecated: %s, xrefs: 00007FFDFB8ECABE
-, xrefs: 00007FFDFB8ECA63
max, xrefs: 00007FFDFB8EC7C9
none, xrefs: 00007FFDFB8EC7EF
all, xrefs: 00007FFDFB8EC7FE
min, xrefs: 00007FFDFB8EC7E0

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d%*1[:/]%d%c$-$The "%s" option is deprecated: %s$Unable to parse option value "%s"$all$const_values array too small for %s$default$max$min$none
API String ID: 0-679463259
Opcode ID: 9d9d9a3b7a0190a60b3e1d7de4052083c20cc3d048e1b11ee78faf5db607be51
Instruction ID: 97c6f69a3b61590e80277d310110ff597baed38cb8bef92f5d2df4878a0fa8aa
Opcode Fuzzy Hash: 9d9d9a3b7a0190a60b3e1d7de4052083c20cc3d048e1b11ee78faf5db607be51
Instruction Fuzzy Hash: BCE1B132A1AB8286E7658F54E450BABB7A4FBC5748F144136DAAD56AE8DF3CD044CF00

Function 00007FFE1A4F68B0 Relevance: 16.3, APIs: 6, Strings: 3, Instructions: 567COMMON

Download Yara Rule

APIs

av_malloc_array.AVUTIL-58 ref: 00007FFE1A4F6976
av_malloc_array.AVUTIL-58 ref: 00007FFE1A4F698B

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F6D05
tap_count == 1 || tap_count % 2 == 0, xrefs: 00007FFE1A4F73E1
src/libswresample/resample.c, xrefs: 00007FFE1A4F6CEA, 00007FFE1A4F73D2

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_malloc_array
String ID: Assertion %s failed at %s:%d$src/libswresample/resample.c$tap_count == 1 || tap_count % 2 == 0
API String ID: 1862890220-3187375394
Opcode ID: 821feb5264397491c723a34886a4805e0f008ad312c9caf0883d02201ff3be8e
Instruction ID: 8212eb13e4373fccd10a050229b3c3299003fef5b693244d6f78231aa84d1af2
Opcode Fuzzy Hash: 821feb5264397491c723a34886a4805e0f008ad312c9caf0883d02201ff3be8e
Instruction Fuzzy Hash: FD42C832E1CF8549D2238B3995512BAA724FF977D1F41D3B3E94E72A65DF2CE0928600

Function 00007FFDFB8E4C80 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 398COMMON

Download Yara Rule

Strings

[%s] , xrefs: 00007FFDFB8E5316
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
Last message repeated %d times, xrefs: 00007FFDFB8E52F6
[%s @ %p] , xrefs: 00007FFDFB8E4DCB, 00007FFDFB8E4E42
?, xrefs: 00007FFDFB8E50A8
%s%s%s%s, xrefs: 00007FFDFB8E4F2A
8, xrefs: 00007FFDFB8E529D

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Last message repeated %d times$ Last message repeated %d times$%s%s%s%s$8$?$[%s @ %p] $[%s]
API String ID: 0-179686365
Opcode ID: 700e6493641140c6dda8d7c6b21148849bcfbba81eaa22d40e06a7a62df99f25
Instruction ID: 86f61d8055e109282edc86d71da68c4b9411098e8e9d655f9cead944db9aee7f
Opcode Fuzzy Hash: 700e6493641140c6dda8d7c6b21148849bcfbba81eaa22d40e06a7a62df99f25
Instruction Fuzzy Hash: 7FF1E362B1A68745EB688B51A430BFD2791BFC6B84F844036DEAD073EECE3DE5448740

Function 00007FFDFB8E24D0 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 442COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFDFB8E262A
abort.MSVCRT ref: 00007FFDFB8E26EF
memcpy.MSVCRT ref: 00007FFDFB8E2A6B

Strings

ret >= 0, xrefs: 00007FFDFB8E26CB
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8E26DB
src/libavutil/imgutils.c, xrefs: 00007FFDFB8E26C4

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$abort
String ID: Assertion %s failed at %s:%d$ret >= 0$src/libavutil/imgutils.c
API String ID: 3629556515-2504023021
Opcode ID: 2312a6da2723e7e0594906141bd6e79322ef9e88a15247b0ee1471fd6e159ad7
Instruction ID: 939038c4caf1b99997b6f846d1a252911c5eb5b45be66c05bb4e4dd595fdfb2a
Opcode Fuzzy Hash: 2312a6da2723e7e0594906141bd6e79322ef9e88a15247b0ee1471fd6e159ad7
Instruction Fuzzy Hash: 0502F032B1968286E768DF55E460BAEB7A0FBC9784F544135DA9D43BA8DF3CE441CB00

Function 00007FF7E74D3C5C Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7E74D3C78
memset.VCRUNTIME140 ref: 00007FF7E74D3C9C
RtlCaptureContext.KERNEL32 ref: 00007FF7E74D3CA5
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7E74D3CBF
RtlVirtualUnwind.KERNEL32 ref: 00007FF7E74D3D00
memset.VCRUNTIME140 ref: 00007FF7E74D3D33
IsDebuggerPresent.KERNEL32 ref: 00007FF7E74D3D54
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7E74D3D75
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7E74D3D80

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
Instruction ID: aeaee7bebc721f129db2d438b2a89430785969f3f5acb8e574a41aeb5f165160
Opcode Fuzzy Hash: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
Instruction Fuzzy Hash: AF312F72609A81C6EBA09F64E8943EDB360FB86744F84403ADB9D47A94EF38D54DC721

Function 00007FFE1A546CBC Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FFE1A546CD8
memset.VCRUNTIME140 ref: 00007FFE1A546CFC
RtlCaptureContext.KERNEL32 ref: 00007FFE1A546D05
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE1A546D1F
RtlVirtualUnwind.KERNEL32 ref: 00007FFE1A546D60
memset.VCRUNTIME140 ref: 00007FFE1A546D93
IsDebuggerPresent.KERNEL32 ref: 00007FFE1A546DB4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A546DD5
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A546DE0

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: 13250969f5b2de30470bf22d6d750f243ba906d20c34ed2405166bb0a67cfad5
Instruction ID: e82bea0e73e336039550365ce2ee710e03693792829ef47103c1c9699fade52b
Opcode Fuzzy Hash: 13250969f5b2de30470bf22d6d750f243ba906d20c34ed2405166bb0a67cfad5
Instruction Fuzzy Hash: 4B313A7270DE818AEB609F61E8407F97360FB86B54F4444BADA4D47BA9EF38D548C710

Function 00007FFDFB8E5980 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 408COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8E59AF

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFDFB8E5996
src/libavutil/lzo.c, xrefs: 00007FFDFB8E5984
[, xrefs: 00007FFDFB8E59A2
?, xrefs: 00007FFDFB8E5A39
cnt >= 0, xrefs: 00007FFDFB8E598F

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: ?$Assertion %s failed at %s:%d$[$cnt >= 0$src/libavutil/lzo.c
API String ID: 4206212132-2884727783
Opcode ID: 7011ca950fc2a7db3eb286879491971854b83ca07a450eddb1490616219303e7
Instruction ID: 09fe6ed41b76875f8d01fa248f5ebf6ed7be7d0f39c076b85fddcd8630601946
Opcode Fuzzy Hash: 7011ca950fc2a7db3eb286879491971854b83ca07a450eddb1490616219303e7
Instruction Fuzzy Hash: EAE12772B2F66381E7688B518574BB92A92BBC4780F958131CE2D077E8EE7DE605D700

Function 00007FFDFB8CBE20 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 216COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8CC141

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFDFB8CC12D
ambisonic %d, xrefs: 00007FFDFB8CBF01
src/libavutil/channel_layout.c, xrefs: 00007FFDFB8CC116
channel_layout->order == AV_CHANNEL_ORDER_CUSTOM, xrefs: 00007FFDFB8CC11D

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$ambisonic %d$channel_layout->order == AV_CHANNEL_ORDER_CUSTOM$src/libavutil/channel_layout.c
API String ID: 4206212132-610793534
Opcode ID: 4154b1103f2502a80824f1cfea4b5c08add524b0e9befcb9efd5374d9646e1ef
Instruction ID: 48a9b953711e31c33973bed4434ce41b00bf646abba7bdde7dc2ada8eb9ff679
Opcode Fuzzy Hash: 4154b1103f2502a80824f1cfea4b5c08add524b0e9befcb9efd5374d9646e1ef
Instruction Fuzzy Hash: 10715AE3F3A81B03E7254734D8217745281ABD4760F4CD232E91AD2BD9EA2DE9818B01

Function 00007FFDFB9446C0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB944707

Strings

n, xrefs: 00007FFDFB9446FA
(state[4] & 3) == 3, xrefs: 00007FFDFB9446E3
Assertion %s failed at %s:%d, xrefs: 00007FFDFB9446F3
src/libavutil/utils.c, xrefs: 00007FFDFB9446DC

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: (state[4] & 3) == 3$Assertion %s failed at %s:%d$n$src/libavutil/utils.c
API String ID: 4206212132-3394967418
Opcode ID: f745146a8868629358c2eef4edc24f02b811a2bcba902581bbe48fb0424e79ec
Instruction ID: cbc65e533f8344899968e0c31cffd7cbe2d101a505f5829221556654227defc1
Opcode Fuzzy Hash: f745146a8868629358c2eef4edc24f02b811a2bcba902581bbe48fb0424e79ec
Instruction Fuzzy Hash: A9215F73B2E98385F7105A38987067E3291AB43B65F958332E539866FCCE3CD7868500

Function 00007FFDFB8CBA70 Relevance: 7.8, Strings: 6, Instructions: 250COMMON

Download Yara Rule

Strings

USR%d, xrefs: 00007FFDFB8CBCE0
%d channels (, xrefs: 00007FFDFB8CBB71
%d channels, xrefs: 00007FFDFB8CBB5E
AMBI%d, xrefs: 00007FFDFB8CBDD8
NONE, xrefs: 00007FFDFB8CBB96
@%s, xrefs: 00007FFDFB8CBC1D

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d channels$%d channels ($@%s$AMBI%d$NONE$USR%d
API String ID: 0-1306170362
Opcode ID: b58385b35ee8c0576a5674ace7b060eb4fb2608f8c8b053f2f6c87950b102242
Instruction ID: 29fe55fcf011ff7ba65205e4109db1ff52d66ced1f07051676b9e27d922577cf
Opcode Fuzzy Hash: b58385b35ee8c0576a5674ace7b060eb4fb2608f8c8b053f2f6c87950b102242
Instruction Fuzzy Hash: E291E2EAF2A96B42EB248715D860E752645AFC4B90F84C033CD2D57AEECE3CE9418740

Function 00007FFDFB96DAA0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON

Download Yara Rule

Strings

pow, xrefs: 00007FFDFB96DBCF, 00007FFDFB96DCFE, 00007FFDFB96E0AC

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: pow
API String ID: 0-2276729525
Opcode ID: 4e4d1c9717f4655b5bbf70594396bdc5da546f85907a2c9caf3bda01d7e980ea
Instruction ID: cac0c74831f3988f2fe2736fc40152d082cd8678c27854fceac38a4a5baaf904
Opcode Fuzzy Hash: 4e4d1c9717f4655b5bbf70594396bdc5da546f85907a2c9caf3bda01d7e980ea
Instruction Fuzzy Hash: 54D1E922F1EA4749E72256355430F7A7616EF56380F20A332E9BD7A1FDEF6CB4819140

Function 00007FFDFB905B00 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 253COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB905E9A

Strings

src/libavutil/tx.c, xrefs: 00007FFDFB905E6F
', xrefs: 00007FFDFB905E8D
Assertion %s failed at %s:%d, xrefs: 00007FFDFB905E86

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: '$Assertion %s failed at %s:%d$src/libavutil/tx.c
API String ID: 4206212132-3565471776
Opcode ID: ec47289fc772912451eea82ccb2b1043ae62ca5012e7b26885c9d820250d193f
Instruction ID: 9e5cbe3c514bc3802939247ad1846d509b5508d43c74a520cbe987660ee1a9a8
Opcode Fuzzy Hash: ec47289fc772912451eea82ccb2b1043ae62ca5012e7b26885c9d820250d193f
Instruction Fuzzy Hash: 57A10876B0A68286D764CF28E490769B7E1F7887D4F585035DA9E437A8DF3DE844CB00

Function 00007FFDFB8CD5C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FFDFB8CD5CD
GetProcessAffinityMask.KERNEL32 ref: 00007FFDFB8CD5E0

Strings

detected %d logical cores, xrefs: 00007FFDFB8CD6C3
overriding to %d logical cores, xrefs: 00007FFDFB8CD69D

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID: detected %d logical cores$overriding to %d logical cores
API String ID: 1231390398-3421371979
Opcode ID: 2e9904b101b569c18024893eab007079966040748388d549111c530203c0def7
Instruction ID: 7a40750d375c7ee8d59f355b18e310cadedc1bfa33c72baa4cd77f347d207181
Opcode Fuzzy Hash: 2e9904b101b569c18024893eab007079966040748388d549111c530203c0def7
Instruction Fuzzy Hash: F321C7E3B2A90703E7144B29EC21B6512917B98764B4DD136DD1EC7BA9ED3CE605C341

Function 00007FFDFB8C1C30 Relevance: 4.2, APIs: 3, Instructions: 497COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFDFB8C1EA6
memcpy.MSVCRT ref: 00007FFDFB8C1EBB

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 403baa3e1a488a5a0e7543da01e81e3aaffd6a2fe1ed6e15f3cbc0658172d83e
Instruction ID: 7282c9802700925bfffba4f146da77ff7faf9ce652b91ce77c8f9a48eecb45da
Opcode Fuzzy Hash: 403baa3e1a488a5a0e7543da01e81e3aaffd6a2fe1ed6e15f3cbc0658172d83e
Instruction Fuzzy Hash: 9032E4B2A1D7C186D7658B25E8507FEBBA0F795384F058126DBD943BAACB3CE164C700

Function 00007FFDFB970640 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFDFB970754

Strings

__powi, xrefs: 00007FFDFB970761

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: __powi
API String ID: 2918714741-2331859415
Opcode ID: 1ed4b1acd7149e56c63c0e5b63662fa1acdc3d18d69be49f294a8596855a1eb9
Instruction ID: b77845cab2ff43b347b6fa879a24bb0ad3c3eab31f496dbc62f404115c8a5029
Opcode Fuzzy Hash: 1ed4b1acd7149e56c63c0e5b63662fa1acdc3d18d69be49f294a8596855a1eb9
Instruction Fuzzy Hash: 94518110F1F64785FB568B246C70B762394EFA6788E249336D83DAA4F8EF2D7C818500

Function 00007FFDFB8C3B87 Relevance: 3.5, APIs: 2, Instructions: 484COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 238db13e466d98e71d78f61cae172d4804caeca104bc3b3bb4d467ddbb97d8ec
Instruction ID: 5f8ce7ae0723045f8204f7978ae093e120430faf6cf073911ac2a1f733fddf9a
Opcode Fuzzy Hash: 238db13e466d98e71d78f61cae172d4804caeca104bc3b3bb4d467ddbb97d8ec
Instruction Fuzzy Hash: 3D22AFE2B1E6D685D7208B15A020BBAB7A1FB85B84F544136DAAD577EDCF3CE484C700

Function 00007FFDFB8CB030 Relevance: 3.1, APIs: 2, Instructions: 87stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB8CAE10: strlen.MSVCRT ref: 00007FFDFB8CAE26
Part of subcall function 00007FFDFB8CAE10: memcmp.MSVCRT ref: 00007FFDFB8CAEA5

strtol.MSVCRT ref: 00007FFDFB8CB0F6
_errno.MSVCRT ref: 00007FFDFB8CB0FE

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errnomemcmpstrlenstrtol
String ID:
API String ID: 1078869015-0
Opcode ID: 4e62ed5a4916453a6424c7a293e756ef9a25259ab9570582f9bd8a4894d05afe
Instruction ID: f6d7b807b8c2799aa9d1e409d850d60b0b9f9e0501ec5f87e2627370746ca7c3
Opcode Fuzzy Hash: 4e62ed5a4916453a6424c7a293e756ef9a25259ab9570582f9bd8a4894d05afe
Instruction Fuzzy Hash: 7821B2E7F2A90647EB5C8A25DC2233952C2A7D4770F4CC13ADE1AC67D9E93C99918701

Function 00007FFDFB969720 Relevance: 3.0, APIs: 2, Instructions: 39timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 00007FFDFB969739
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFDFB969760

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Time$FileInformationSystemZone
String ID:
API String ID: 2921752741-0
Opcode ID: a6735fc188ae2be04b6747e7321527e39212664d39bbfa2ed8a26b191bdbbc72
Instruction ID: ff78f780ae410ceebf1945f88554ab39bc78cf60e9c1490ae89c7b974344582e
Opcode Fuzzy Hash: a6735fc188ae2be04b6747e7321527e39212664d39bbfa2ed8a26b191bdbbc72
Instruction Fuzzy Hash: 7E01F1B2B1854246DF688F20F420779B292AB58794F48C131DAAE8A7E8EE3CD444C700

Function 00007FFDFB906350 Relevance: 1.7, Strings: 1, Instructions: 449COMMON

Download Yara Rule

Strings

%i: , xrefs: 00007FFDFB90696A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %i:
API String ID: 0-3112360579
Opcode ID: 56225696255aec5cf75f5aaaa0dab9d34a63c7dc86180539428f912345232fc3
Instruction ID: 00dff66329e61625210a26b9dce81dbd9769b021711ee7ce525288d1f15fa47f
Opcode Fuzzy Hash: 56225696255aec5cf75f5aaaa0dab9d34a63c7dc86180539428f912345232fc3
Instruction Fuzzy Hash: 1D02BE7AB0A75286DB248F28C820A7C73A4FB44B88F594135CABD077E8DF79E951C740

Function 00007FFDFB905350 Relevance: 1.6, Strings: 1, Instructions: 329COMMON

Download Yara Rule

Strings

, xrefs: 00007FFDFB905365, 00007FFDFB90542D, 00007FFDFB9054AB, 00007FFDFB905522, 00007FFDFB90559D, 00007FFDFB90561F, 00007FFDFB905689, 00007FFDFB9056D4

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID: 0-399585960
Opcode ID: 32d18d1ae2b9536030ec3fb165465a0a39662cd1298dc4829aec3954e2195451
Instruction ID: 1cf4b96d36b362a286550f95fc50c30362e84e05281a7903793f603b800c3a86
Opcode Fuzzy Hash: 32d18d1ae2b9536030ec3fb165465a0a39662cd1298dc4829aec3954e2195451
Instruction Fuzzy Hash: CCE1A036B1968687E7208F26E4A0BAA7764FB847C4F554036DF9D43BA9DF39E441CB00

Function 00007FFDFB944840 Relevance: 1.4, Strings: 1, Instructions: 151COMMON

Download Yara Rule

Strings

0123456789abcdef, xrefs: 00007FFDFB944840

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 0123456789abcdef
API String ID: 0-1757737011
Opcode ID: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
Instruction ID: 09c132fce7c334eabf5bed20d190b502abebeef2d6d005044d4c584b79eeac65
Opcode Fuzzy Hash: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
Instruction Fuzzy Hash: B861B8977292F19DD72247A9A810F9CBE56D266B45F1D4289D7C10BF93C212C0B2FB21

Function 00007FFDFB8CB150 Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

%d channels, xrefs: 00007FFDFB8CB273

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d channels
API String ID: 0-1351059727
Opcode ID: fb37549d1e1a87d1845128c91bcf027e9804e02a172115fddd54d2ad187c1367
Instruction ID: d51f2c02fb0ebf867a551c9cce6a9e1f4dbe42cfca360146d5c613cce1f183fb
Opcode Fuzzy Hash: fb37549d1e1a87d1845128c91bcf027e9804e02a172115fddd54d2ad187c1367
Instruction Fuzzy Hash: 8741E3E7F2A81B02EB158B55FC21E754242ABD47B5F88D032DD1986BADED3C9586C301

Function 00007FFDFB902B60 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

%02u:%02u:%02u%c%02u, xrefs: 00007FFDFB902C47

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %02u:%02u:%02u%c%02u
API String ID: 0-3773705257
Opcode ID: 05e44b18eb7a4dcf895f83e0c2975131c3305643ef67c3862a7710349e35a628
Instruction ID: 1fc9c71983ace37fccd81659753d1e3140dcf6eaca8889fa2d22a81858c883d1
Opcode Fuzzy Hash: 05e44b18eb7a4dcf895f83e0c2975131c3305643ef67c3862a7710349e35a628
Instruction Fuzzy Hash: A9317CB7F2A5664AE7659E359840B6A3643F7447C9F8C8230ED5A4B7DCE93CE948C300

Function 00007FFDFB8CE9A0 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

9%lld, xrefs: 00007FFDFB8CEADF

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 9%lld
API String ID: 0-1067827528
Opcode ID: 4bf4b89b430cf95bf7994c152801e5258dcff788620b942f10691eac737950a8
Instruction ID: 620f9adb93a149e203ff8bbb8c7502cef3a5db6aab7eb42dbf5e4c3a0eef2b87
Opcode Fuzzy Hash: 4bf4b89b430cf95bf7994c152801e5258dcff788620b942f10691eac737950a8
Instruction Fuzzy Hash: F73125E373594143E747CEA6A8656E92352F38978AFC4A032FE0B97348E67DDD05D100

Function 00007FFDFB8CE820 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

9%lld, xrefs: 00007FFDFB8CE95C

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 9%lld
API String ID: 0-1067827528
Opcode ID: b7dcea320b78e429be7da6e3a51ac97eece9d04196250d78cf97526035406e98
Instruction ID: f0a49f26c87231a8dd28f18eb6b575185716d152e0d2cdd8974462b4852cd95a
Opcode Fuzzy Hash: b7dcea320b78e429be7da6e3a51ac97eece9d04196250d78cf97526035406e98
Instruction Fuzzy Hash: 0831D7A373195143E752CEA6A4616E92751F38D78AFC4A032FE0BD7748EA79DD0AD200

Function 00007FFDFB902CC0 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

%02u:%02u:%02u%c%02u, xrefs: 00007FFDFB902D5D

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %02u:%02u:%02u%c%02u
API String ID: 0-3773705257
Opcode ID: fdd9d13a151395552cd65e209512f394c3a647e9cf21eb926f75bca4cb5d8e29
Instruction ID: 166b211653211e03de0795213c6bd3bbaa219b84058f39ecd866ce18dd9f4888
Opcode Fuzzy Hash: fdd9d13a151395552cd65e209512f394c3a647e9cf21eb926f75bca4cb5d8e29
Instruction Fuzzy Hash: 2F110D73638455469B49DB2A8821BA97691F390BC4BC85235E99BCF398DD3CDB49C700

Function 00007FFDFB8CB6A0 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

front left, xrefs: 00007FFDFB8CB743

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: front left
API String ID: 0-959785498
Opcode ID: 23cad181ecbb07febb14ec29e22a05d1089456614179c0b502e2ad97e0cb5eae
Instruction ID: 71520cc9828442ec85daa093186cda10e78b6710322237df1d8f13152b746e58
Opcode Fuzzy Hash: 23cad181ecbb07febb14ec29e22a05d1089456614179c0b502e2ad97e0cb5eae
Instruction Fuzzy Hash: 7411E7D7F3696F43EB20472DCC01B6401C293D576179CE132EC19C2B98EC3DE6428642

Function 00007FFDFB8E87F0 Relevance: 1.3, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FFDFB8E8819

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 30d0097c098d0a2c9e6ec4e870c0f712385f61fe009233d20c93c0c5dbd3fad9
Instruction ID: 4225f9b00bcbe443cb0b98ee36a67f47a73a4fe82ad2676ecd2c5ffbaa0cb931
Opcode Fuzzy Hash: 30d0097c098d0a2c9e6ec4e870c0f712385f61fe009233d20c93c0c5dbd3fad9
Instruction Fuzzy Hash: 0311B2A2711B4C42AD08C7AAA8B68B9929AA3ADFD4718F032CE0D4B354DD3CE091C340

Function 00007FFDFB8F4920 Relevance: 1.0, Instructions: 994COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e651fe4c88c82812c6238caf3bdcde6ab459b46390ea8f8b4a9699f07545262f
Instruction ID: 1bda1fb4674d5b31257bf7ffee1b08a0ed086879fa134946f1178f46d8c42b44
Opcode Fuzzy Hash: e651fe4c88c82812c6238caf3bdcde6ab459b46390ea8f8b4a9699f07545262f
Instruction Fuzzy Hash: 6572EAB7B251204BE354CF2AE844E46BB92F7D8748B56A114EE56E7F04D23DEA06CF40

Function 00007FFDFB8F3C00 Relevance: 1.0, Instructions: 989COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d4f91dbcd3920678f56ce2ea7d672d73a39a89e5afe551f032633b1d0d58bd
Instruction ID: 964c822f9f187339aa42b2d0479b64a4cd5d221fa53f8ffe4ad9e35da9718a6b
Opcode Fuzzy Hash: f1d4f91dbcd3920678f56ce2ea7d672d73a39a89e5afe551f032633b1d0d58bd
Instruction Fuzzy Hash: A0720977B282244B9318CF26E809D4AB796F7D4704B469128EF16D7F08E67DEA058F84

Function 00007FFDFB8E3580 Relevance: .7, Instructions: 727COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a118a507555301ea384540139cf8e1fb3b65300ff54bfeb7e4b20e0f2e86e279
Instruction ID: 852c32b9953ec21700d980fc1e6038937d7a5e801956d0a3e002a1293e7a34f2
Opcode Fuzzy Hash: a118a507555301ea384540139cf8e1fb3b65300ff54bfeb7e4b20e0f2e86e279
Instruction Fuzzy Hash: 21520C5372D2A287E3644BA9A400B3EF6E1F7D4781F149125EAD983BE9E73CD540DB10

Function 00007FFDFB8E6820 Relevance: .6, Instructions: 593COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36dddfe8cf3ff9be88c3b72cff50abe549f3a298be1906c93472ea6cf2cfdb2f
Instruction ID: d6d88f746a4ae50c28d8098f9138b2af90f153be50452b50ae4d3fb19734729a
Opcode Fuzzy Hash: 36dddfe8cf3ff9be88c3b72cff50abe549f3a298be1906c93472ea6cf2cfdb2f
Instruction Fuzzy Hash: AC12B377B6016047D76CCF36E816F993796E399758389E12C9A02D7F08DA3DD90ACB80

Function 00007FFDFB903560 Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8160ea691a23e1b632a407eca822979379531e44aeec8686b9d2442b5e3ae57d
Instruction ID: 39c8bcb51add3726d2edab8c7187519a14d4a064d2391af3c8f7b97873896294
Opcode Fuzzy Hash: 8160ea691a23e1b632a407eca822979379531e44aeec8686b9d2442b5e3ae57d
Instruction Fuzzy Hash: 7822837672EA4682DB60DF26E454D2A7365FB88FC4B598139DFAD8B798DF38D4009300

Function 00007FFDFB90CBE0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff40ba625cf61736bb64c8bdf5840a366f4253e3d55665abfb5f43b414cbf64c
Instruction ID: bbe0e5525d2b9381ac2a7bf08bf52d8b1fbacf227c80fb818b16a36da1f8c08a
Opcode Fuzzy Hash: ff40ba625cf61736bb64c8bdf5840a366f4253e3d55665abfb5f43b414cbf64c
Instruction Fuzzy Hash: FC22D562E29F904EC353CE75945223A6B58BFA73C4B41E313EE5B76B61DB35E1878200

Function 00007FFDFB8F09B0 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d0debf0142da6a9273804bc82d00e17f960341957d4bf9a7368440b236c8168
Instruction ID: 997c3dd14e1d13a7656a7e0a3c11de3ada5be3a12d81f12b6a08bd3a15bd4554
Opcode Fuzzy Hash: 5d0debf0142da6a9273804bc82d00e17f960341957d4bf9a7368440b236c8168
Instruction Fuzzy Hash: 4D02F172F2A6C6CAEB744F50A521E7C7FA0FB90B45F459039C75E13BD8DA28AD159300

Function 00007FFDFB922B80 Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5050afa32f6ddfb6a114996f9f218715255f7c7b544984919c9caa6235c0bb16
Instruction ID: 6e6a13050bff6d7fc7e98d5e25d86db8b109a66aa31b16d51c15ba8e6a754126
Opcode Fuzzy Hash: 5050afa32f6ddfb6a114996f9f218715255f7c7b544984919c9caa6235c0bb16
Instruction Fuzzy Hash: C9220532E29A8C47D712CA7794811797B10FFAE7C4B69DB16EE05727A2DB34F1889700

Function 00007FFDFB8C7260 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a7950f2253a1c48c8c137fbc100e25f2fe9e5a0653b74c0b8ed70f9fb77fc6
Instruction ID: 488e457fb0fe294c595c239cdb1f51d67f26a972e67f2aadd8203cf09d524de0
Opcode Fuzzy Hash: 81a7950f2253a1c48c8c137fbc100e25f2fe9e5a0653b74c0b8ed70f9fb77fc6
Instruction Fuzzy Hash: 0E1284732108148BD391CF5EE8C0E5DB7D1F798B4EB629324EB4693B61D632A863D790

Function 00007FFDFB8F1160 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f7b787218cfe6dc98328e18f40f484bb36194aafcb0adaf6dc1dee95f7ee729
Instruction ID: 725fb493dcc25dff5fd0d4e4e2f0bb5c8d98383d99d11fcebafdcc5015abd8fd
Opcode Fuzzy Hash: 6f7b787218cfe6dc98328e18f40f484bb36194aafcb0adaf6dc1dee95f7ee729
Instruction Fuzzy Hash: F5B1F3B3F2A6C286DB709B54A052E7D7FA0FFA0744F459035CB5A53BD8E738A9159300

Function 00007FFDFB8C9D50 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b431d04f8cfd326d065826c0ea4a07768d4831b2dc7686569c959b8d95ae5da
Instruction ID: 03bbc64a3b0ed63f2faae3ad777d1c1656dcde94137a58067a1cd9c8e0acccc1
Opcode Fuzzy Hash: 1b431d04f8cfd326d065826c0ea4a07768d4831b2dc7686569c959b8d95ae5da
Instruction Fuzzy Hash: CFB109927195C15AEB198B769820AFB6BA0EB5DBC4F45E072DFDD4B78ACD2CD244C300

Function 00007FFDFB8CA520 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd04e1f6e5b77fd235431d6daf680498f867f8c369b5541b7e47b1bcb3da3638
Instruction ID: 7020fdc7796e386a3197b6bbadd84d2437dcd0b9def3007740305aaca99f0ca3
Opcode Fuzzy Hash: bd04e1f6e5b77fd235431d6daf680498f867f8c369b5541b7e47b1bcb3da3638
Instruction Fuzzy Hash: DFB1BD735006588FD348DF6AD95843E3BA2F7D8B59B9B0229DB4317390EB70A825DB90

Function 00007FFDFB8CA1B0 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c26bc9e0afa6a36dad590029bfac38e6475024b67d277dcd255fc33b8d7af121
Instruction ID: 3fdbfbbdc3424e0077fe9e936321c637902623858bab7ab18d9b34922051c50d
Opcode Fuzzy Hash: c26bc9e0afa6a36dad590029bfac38e6475024b67d277dcd255fc33b8d7af121
Instruction Fuzzy Hash: 8BB16F33A005A48BD788DF6ED8A887D37A3E7C871179BC32AD74553389DA746809DBD0

Function 00007FFDFB8E2F20 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f169184c6d2b13734529f87c174bec29b0316c2a188a1d7a05902af3d816c2
Instruction ID: c5fb8787accd7c03591df5b6d29579586cc0d002a1b986e0b59a3f630a074c3c
Opcode Fuzzy Hash: 99f169184c6d2b13734529f87c174bec29b0316c2a188a1d7a05902af3d816c2
Instruction Fuzzy Hash: 29914891B3E16343F76E87C99411F3AA591EF90BC1F84A534DD9A477E8D62EEE408700

Function 00007FFDFB8C6E70 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
Instruction ID: 5ecff00a341bd34dbe8412c3541c4df4444f7e048cbc0b7a87d7250357c9fd73
Opcode Fuzzy Hash: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
Instruction Fuzzy Hash: 45A130720198148BE34BCF5E948021EB3E1FB48A9FB616710EF4F87661D636AE63D750

Function 00007FFDFB9044D0 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
Instruction ID: 216a7fd857389d36271781cbb2ebce394ca801ae3f8661dffa4c2e01d95ad107
Opcode Fuzzy Hash: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
Instruction Fuzzy Hash: 3E91E1271082E0AED306CF3A96549AE7FE0F71E788B9AD151DBD54BB47C238E612D710

Function 00007FFDFB8C9A50 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
Instruction ID: 3b53d339feeefd14c1c35db466f0e2d16619494ca1293b5efc22873f8eea53b7
Opcode Fuzzy Hash: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
Instruction Fuzzy Hash: DE617ED27264A686EF999B36CD717AA13917B8CBC0F81B832DD4D87399DD28D844C341

Function 00007FFDFB8F30A0 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
Instruction ID: 820ad245ff257483318939df850e84fa9ddcc1c88169ce5b24c03cbeea31248c
Opcode Fuzzy Hash: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
Instruction Fuzzy Hash: 7351F92272F7E641DA348B2A7910BA6AAC5AB98FC5F4990359D0D5FFD4EA3CE8414300

Function 00007FFDFB8CE4C0 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
Instruction ID: 9dd5ab6f4f4fe5b81eb795a67175eb9d7ce45db35f8bbc0060c907579ac0d243
Opcode Fuzzy Hash: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
Instruction Fuzzy Hash: 3F41CBA2F2554303FF19EA76A86543A458377C87D47049139EE1F8BBDDED38E881C240

Function 00007FFDFB901E10 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
Instruction ID: 51802c52df78913d751da0652ff810d70f692f3447bbe74612967e42fa0cf3d9
Opcode Fuzzy Hash: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
Instruction Fuzzy Hash: 3E51F677B0A2D19AD7198B31A914AADBFE0F729788B488035EFD943B89C53CD551C710

Function 00007FFDFB8CD210 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
Instruction ID: 6595ecd932c9352bfa22748cfd8e22887ba33be07bf6ca6a680c5f955490e0ed
Opcode Fuzzy Hash: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
Instruction Fuzzy Hash: BA4126E3F2A40747E7285A39D861F3916806BA4768B08D037ED2BC77D8E92CF9424341

Function 00007FFDFB8F2B40 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
Instruction ID: 16573b083ceef536962a9377327be4deca13683b5289dffda819ccdcad88ec0e
Opcode Fuzzy Hash: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
Instruction Fuzzy Hash: 99413502F1A2E10BC7924EBF4DDA22DADD2158E44638CC77AA7D4C52DFD86CE60E6614

Function 00007FFDFB8CCCE0 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
Instruction ID: 9d7c8d2670e8044962a8a6ebdb9013f08d2957a619f8d60d894ee8e950703bb2
Opcode Fuzzy Hash: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
Instruction Fuzzy Hash: CA41E8E3F3A84603EB6C8629CC15B38518367E577174CD236D92AC6FDDE83CDA158942

Function 00007FFDFB8F28B0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
Instruction ID: 0a24dedc9a0a57ffe617537608a8400275a41b98e14bb4ea312f375e18c72059
Opcode Fuzzy Hash: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
Instruction Fuzzy Hash: 8741A2522380F00AC76E1F3D293AA39BE92725664774EE36EFE8342AC7D41D8910A714

Function 00007FFDFB8C13A0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e751435a9f45e6580fe7b108adce3f96b0c8069535fb2d3307a909beff15caba
Instruction ID: 819752be9f13d3f335fe19b330f13bcc4d7ab81c276277dc2cfe5cede1f7806a
Opcode Fuzzy Hash: e751435a9f45e6580fe7b108adce3f96b0c8069535fb2d3307a909beff15caba
Instruction Fuzzy Hash: EA3168D3F6126B03EF198B696C51FB498416F847D8F449232ED2E5BBC9E43CD946D200

Function 00007FFDFB8CD030 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66cb80125cf637f8d0b0a114fc56422192b4e9792f88120ada6a7116402668c2
Instruction ID: 9c6edf40ec2ec08815a69acc4b8b2e861d631e453a6d6f6686ff97897ca3c7d4
Opcode Fuzzy Hash: 66cb80125cf637f8d0b0a114fc56422192b4e9792f88120ada6a7116402668c2
Instruction Fuzzy Hash: 5E318FE7B354BA43EB7C5229C865F3805919765770B8CE03AD95AC2F81E81EE6418F42

Function 00007FFDFB8C1990 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f50bf9d45b07f9fed7a8078693abee7f23351cad672a747608ffeb063cebe12d
Instruction ID: 6942e4eb04130c4010c8e2d81fd912506f670df7da70507bf0eea88a6e6a6b7a
Opcode Fuzzy Hash: f50bf9d45b07f9fed7a8078693abee7f23351cad672a747608ffeb063cebe12d
Instruction Fuzzy Hash: BC517E73218AE28AD792DB64D498FED3BA4F719384F964471CBAC83751DBB5D890C700

Function 00007FFDFB8C1730 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 860bab9d395cf43ed3b1cf56782110bfed2c0c3dddb8109515e6473b81413bd7
Instruction ID: 68e61d879d9776c4171681a46611d3a0e8b919e425fa83dae27d72fa0129fa2b
Opcode Fuzzy Hash: 860bab9d395cf43ed3b1cf56782110bfed2c0c3dddb8109515e6473b81413bd7
Instruction Fuzzy Hash: EC519F736186E186E792DB64D458FED7BA4F718384FA68071CBEC83741DBA5C990C700

Function 00007FFDFB8E33E0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf754ad211c098a8f34c6fa0d70b3b75da22e1392d81fac143d3245663dd1af9
Instruction ID: fdadd996ccc0a01676035228bdbc8c0989550625c35b0396e808ca87ae8204c3
Opcode Fuzzy Hash: bf754ad211c098a8f34c6fa0d70b3b75da22e1392d81fac143d3245663dd1af9
Instruction Fuzzy Hash: 1241C6E273C0B353F3364748E011D2EF7A1FB92BC5B546210DBA412EA88626D958DF20

Function 00007FFDFB904330 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51b6c65e6f8fbbfa1a7d368a2725116908e408c53695cc2cda4a45b28fc02054
Instruction ID: bfb57210ed2c1a759b3b142672ecbb497ae8d6c02706b4ec72007ccc3d915304
Opcode Fuzzy Hash: 51b6c65e6f8fbbfa1a7d368a2725116908e408c53695cc2cda4a45b28fc02054
Instruction Fuzzy Hash: F14171731046648BD301CF2AE980A5AB7E1F398B4CFA5D225DF4257356D739E907C780

Function 00007FFDFB8CB460 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b83fdb0131200dfce48832797b5ce1ee65e01df28847898595a6ba08a50e8d6
Instruction ID: c0b5700817b06ffaa7fe4ea303d98aca630e9e9141c06c526d816d48b94963ea
Opcode Fuzzy Hash: 1b83fdb0131200dfce48832797b5ce1ee65e01df28847898595a6ba08a50e8d6
Instruction Fuzzy Hash: 15216DE7F3086A03EB68423DEC16F2404C251B977434CE136EA16C6F85F42EEA424A83

Function 00007FFDFB8E2D20 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9accf3f83477c77ce7ab5b6679156a875be267288f965f0b915796913070d0d7
Instruction ID: 7eed5754b1834e89ad7b281dee9995115732208a055216060500222a49c2bc36
Opcode Fuzzy Hash: 9accf3f83477c77ce7ab5b6679156a875be267288f965f0b915796913070d0d7
Instruction Fuzzy Hash: 1121299B7315F903FB010ABE6D056759982A188BF73499732ECA8E77CDC478DC519290

Function 00007FFDFB8E2BF0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a414ea0c491aecb8e1acee4f50acb857c601688e8d49eddf1fb7be55f6bcb7eb
Instruction ID: 7a5d0e89ee220409aea0cd3b8462f96d225d0e593cd00c887ba69c6791ff7a16
Opcode Fuzzy Hash: a414ea0c491aecb8e1acee4f50acb857c601688e8d49eddf1fb7be55f6bcb7eb
Instruction Fuzzy Hash: 7F213E9FF656BA03FB1846AF6C412786280E648BF63489732DDDDE77CAD47C890291D0

Function 00007FFDFB8CC1A0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13f149c23a356f76f238516a0c29d6d6da4b78dcaf03ebe63ea6bb4be2698659
Instruction ID: ab69d362a7472616dabf5fea2fcd2eef93b9e7a8800332ce05b872d4123cb5cf
Opcode Fuzzy Hash: 13f149c23a356f76f238516a0c29d6d6da4b78dcaf03ebe63ea6bb4be2698659
Instruction Fuzzy Hash: F921E5FBF390A643EB754B2EE400F34154163A1BB4B98E036C91E83ED4D916DA029F02

Function 00007FFDFB8CD700 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e375ad6e9128b21d2b8073199f54bc1e05150e57f45dacb5095166fe167bd8
Instruction ID: 17bf9c4736cbfe81c8d7403579e5e9a14cc436657eab7f2b03fe2429e777f3e7
Opcode Fuzzy Hash: b6e375ad6e9128b21d2b8073199f54bc1e05150e57f45dacb5095166fe167bd8
Instruction Fuzzy Hash: 772124B3B708AA46D7508779E846F956990E3A1B48F98E631E725D3EC0D13EE092C740

Function 00007FFDFB8CD8D0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
Instruction ID: 640711f3db43462fea40446be1afc9fe1b0a5b46081b5e2449f66566b8ab36ba
Opcode Fuzzy Hash: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
Instruction Fuzzy Hash: DD118EF3B324B20BD7489AB8CC163A932C2D3C8706F9CC535A755CAA89D53CE2559604

Function 00007FFDFB8CB790 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
Instruction ID: 0ae5c0fa4c639253c05ea8e4b51e913fe10cad47cb12445546a9689ed296be73
Opcode Fuzzy Hash: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
Instruction Fuzzy Hash: 53112AFBF3547A03EB7C025AE832F74054196B5BA898CE03EDE1B22F81E81E56404B46

Function 00007FFDFB8CB5C0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
Instruction ID: d428178b1f990570bef91305b3fc641c48a020df182cb99c08c3cdbff21cda9a
Opcode Fuzzy Hash: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
Instruction Fuzzy Hash: 621182D7F3696E03EB60462DCC42B24018297E577178CE432E819C6F99E83EE6418A42

Function 00007FFDFB8CDEF0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
Instruction ID: 1e81f51e0dc3e501dcfcc6f7f700a074c6dd293aad224c420436dcc1873119a2
Opcode Fuzzy Hash: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
Instruction Fuzzy Hash: 6C1124F2B350924BEB95A728C428EBC33D1F7C4344F858133DA06865CCD72CA841C350

Function 00007FFDFB8CB8D0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
Instruction ID: 0635468c725f67cbdf9ac173af362e23d02d55adb27501cd962fbfee0af82eeb
Opcode Fuzzy Hash: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
Instruction Fuzzy Hash: 05017CE7F3286A03DB64867DCC0670400C396F877178CD031A914C6F89F83EE6458A42

Function 00007FFDFB8CB380 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
Instruction ID: 14bd2cacf1174b1c4f3da44626b05ac20a3ec18444f4115fae820648a13c1207
Opcode Fuzzy Hash: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
Instruction Fuzzy Hash: 43F0B7D7F3685A03EB5C456DDC1631401C391E823238DD13ABA47C6B8AF839EA968643

Function 00007FFDFB8C99C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
Instruction ID: 5dd0843469ef9bb73b9f5c22db80f93ac9e6ae0c3d8e47ba6da23d9519b5fb62
Opcode Fuzzy Hash: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
Instruction Fuzzy Hash: F5F0AFD9231BB64BEA15A69990D07D69721F30CBC6B70A622DE4D27375CA13A10BDA00

Function 00007FFE1A528C24 Relevance: 54.6, APIs: 3, Strings: 28, Instructions: 352COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52913D
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A529175
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A5291AF

Strings

__w64 , xrefs: 00007FFE1A528E3A
__int128, xrefs: 00007FFE1A528EB7
void, xrefs: 00007FFE1A528D86
char16_t, xrefs: 00007FFE1A529065
wchar_t, xrefs: 00007FFE1A5290A8
volatile, xrefs: 00007FFE1A528FF8
signed , xrefs: 00007FFE1A52910A
__int8, xrefs: 00007FFE1A528E2E
short, xrefs: 00007FFE1A528CE0
char32_t, xrefs: 00007FFE1A5290B7
unsigned , xrefs: 00007FFE1A5290FA
decltype(auto), xrefs: 00007FFE1A5290C6
char, xrefs: 00007FFE1A528CF2
UNKNOWN, xrefs: 00007FFE1A52908D
long , xrefs: 00007FFE1A528D31
<unknown>, xrefs: 00007FFE1A528F1B
int, xrefs: 00007FFE1A528CCE
char8_t, xrefs: 00007FFE1A528F2D
bool, xrefs: 00007FFE1A529056
__int64, xrefs: 00007FFE1A528EC9
__int16, xrefs: 00007FFE1A528E1C
double, xrefs: 00007FFE1A528D48
auto, xrefs: 00007FFE1A528F3F
__int32, xrefs: 00007FFE1A528EDB
long, xrefs: 00007FFE1A528CBC
const, xrefs: 00007FFE1A528FDD
float, xrefs: 00007FFE1A528D74
volatile, xrefs: 00007FFE1A529025

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
API String ID: 2943138195-1388207849
Opcode ID: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
Instruction ID: 2a85a979f7a0deb5460ed37b7c1043d3ad92640ab528afb4a6f7e88fb2f3aaa8
Opcode Fuzzy Hash: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
Instruction Fuzzy Hash: 98F16A62B0CE16C4F7158BE6D8942BC26B2BF52BA4F4045F7DA0D56AB8DF3DA604C340

Function 00007FF7E74D25C0 Relevance: 51.0, APIs: 6, Strings: 23, Instructions: 206COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7E74D2570: printf.MSPDB140-MSVCRT ref: 00007FF7E74D2587

Part of subcall function 00007FF7E74D2530: atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,00000000,00007FF7E74D2617,?,?,?,00007FF7E74D1BD6,?,?,?,00007FF7E74D1A02), ref: 00007FF7E74D2552

puts.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF7E74D1BD6,?,?,?,00007FF7E74D1A02), ref: 00007FF7E74D28DF

Strings

video colorspace, xrefs: 00007FF7E74D2731
audio codec, xrefs: 00007FF7E74D2809
audio track count, xrefs: 00007FF7E74D261F
Invalid number of video tracks, xrefs: 00007FF7E74D28D8
video width, xrefs: 00007FF7E74D26B9
video color primaries, xrefs: 00007FF7E74D26F5
video height, xrefs: 00007FF7E74D26D7
muxer settings, xrefs: 00007FF7E74D28BA
{stream_key}, xrefs: 00007FF7E74D2897
video color range, xrefs: 00007FF7E74D274F
video codec tag, xrefs: 00007FF7E74D27DE
Invalid number of audio tracks, xrefs: 00007FF7E74D2652
video max luminance, xrefs: 00007FF7E74D278B
video codec, xrefs: 00007FF7E74D267D
stream key, xrefs: 00007FF7E74D2872
Must have at least 1 audio track or 1 video track, xrefs: 00007FF7E74D266A
video bitrate, xrefs: 00007FF7E74D269B
video fps den, xrefs: 00007FF7E74D27C7
video fps num, xrefs: 00007FF7E74D27A9
video track count, xrefs: 00007FF7E74D2601
file name, xrefs: 00007FF7E74D25E1
video chroma sample location, xrefs: 00007FF7E74D276D
video color trc, xrefs: 00007FF7E74D2713

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: atoiprintfputs
String ID: Invalid number of audio tracks$Invalid number of video tracks$Must have at least 1 audio track or 1 video track$audio codec$audio track count$file name$muxer settings$stream key$video bitrate$video chroma sample location$video codec$video codec tag$video color primaries$video color range$video color trc$video colorspace$video fps den$video fps num$video height$video max luminance$video track count$video width${stream_key}
API String ID: 3402752964-4246942696
Opcode ID: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
Instruction ID: 80e1574d06f01c8dbbc4d374cd3215433db0aada3ed728efd707b0b91a5343b8
Opcode Fuzzy Hash: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
Instruction Fuzzy Hash: 79814C6490864291FA90EB51E594AF9D391AB0A780FC34233EFAD47695DF3CE10FD322

Function 00007FF7E74D1C50 Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 215COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D1C70
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D1C8E
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D1C9E

Part of subcall function 00007FF7E74D2320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF7E74D29D8,?,?,?,00007FF7E74D12F1), ref: 00007FF7E74D2357

os_event_wait.OBS ref: 00007FF7E74D1CEF
pthread_mutex_lock.W32-PTHREADS ref: 00007FF7E74D1D0F
memcpy.VCRUNTIME140 ref: 00007FF7E74D1D5D
memcpy.VCRUNTIME140 ref: 00007FF7E74D1D76
memcpy.VCRUNTIME140 ref: 00007FF7E74D1E2D
memcpy.VCRUNTIME140 ref: 00007FF7E74D1E48
os_event_signal.OBS ref: 00007FF7E74D1EB8
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D200F

Strings

Error writing to '%s', %s, xrefs: 00007FF7E74D1FC3
Error allocating memory for output, xrefs: 00007FF7E74D1C97

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$__acrt_iob_func__stdio_common_vfprintffclosefprintfmallocos_event_signalos_event_waitpthread_mutex_lock
String ID: Error allocating memory for output$Error writing to '%s', %s
API String ID: 2637689336-4070097938
Opcode ID: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
Instruction ID: 8e6a924e6549264d7f1e3bd19278cc1bf370c718b1ffec4ce255e2acddac0081
Opcode Fuzzy Hash: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
Instruction Fuzzy Hash: D7A15172A08A8685D791AF21E4803FDA360FB4AB88F854036DFED07759DF78D14AC321

Function 00007FFE1A4F8C00 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 105COMMON

Download Yara Rule

APIs

av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8C44
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8C63
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8C82
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8CA3
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8CC4
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8CE5
av_get_channel_layout_nb_channels.AVUTIL-58 ref: 00007FFE1A4F8CFE
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8D15
av_get_channel_layout_nb_channels.AVUTIL-58 ref: 00007FFE1A4F8D2A
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8D41
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4F8D5C
av_log.AVUTIL-58 ref: 00007FFE1A4F8D9C

Strings

ich, xrefs: 00007FFE1A4F8D0B
uch, xrefs: 00007FFE1A4F8D55
Failed to set option, xrefs: 00007FFE1A4F8D90
osf, xrefs: 00007FFE1A4F8C5C
ocl, xrefs: 00007FFE1A4F8C2B
osr, xrefs: 00007FFE1A4F8C7B
isr, xrefs: 00007FFE1A4F8CDE
isf, xrefs: 00007FFE1A4F8CBD
icl, xrefs: 00007FFE1A4F8C9C
och, xrefs: 00007FFE1A4F8D37

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_get_channel_layout_nb_channels$av_log
String ID: Failed to set option$ich$icl$isf$isr$och$ocl$osf$osr$uch
API String ID: 2637049493-2814753009
Opcode ID: 0f1e360016396a0d2e4be37984f8ca9eacfdb0712dded5c64320b3a02cc610f5
Instruction ID: 8ec10962df84eb075e0c041fd8ced74ddd414d40c0e9c67d00d46b568dc3a102
Opcode Fuzzy Hash: 0f1e360016396a0d2e4be37984f8ca9eacfdb0712dded5c64320b3a02cc610f5
Instruction Fuzzy Hash: 98414C22B0DF4241FA10AB17F6906BE16A0EF96BA4F4410F2DF4C8BA65EE2CE441C700

Function 00007FFDFB8D0410 Relevance: 36.1, APIs: 24, Instructions: 131COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FFDFB8D043E
_aligned_free.MSVCRT ref: 00007FFDFB8D0475
_aligned_free.MSVCRT ref: 00007FFDFB8D04AD
_aligned_free.MSVCRT ref: 00007FFDFB8D04DD
_aligned_free.MSVCRT ref: 00007FFDFB8D050D
_aligned_free.MSVCRT ref: 00007FFDFB8D0528
_aligned_free.MSVCRT ref: 00007FFDFB8D0531
_aligned_free.MSVCRT ref: 00007FFDFB8D053A
_aligned_free.MSVCRT ref: 00007FFDFB8D0542
_aligned_free.MSVCRT ref: 00007FFDFB8D054A
_aligned_free.MSVCRT ref: 00007FFDFB8D0553
_aligned_free.MSVCRT ref: 00007FFDFB8D055C
_aligned_free.MSVCRT ref: 00007FFDFB8D0564
_aligned_free.MSVCRT ref: 00007FFDFB8D056C
_aligned_free.MSVCRT ref: 00007FFDFB8D0575
_aligned_free.MSVCRT ref: 00007FFDFB8D057E
_aligned_free.MSVCRT ref: 00007FFDFB8D0586
_aligned_free.MSVCRT ref: 00007FFDFB8D058F
_aligned_free.MSVCRT ref: 00007FFDFB8D0598
_aligned_free.MSVCRT ref: 00007FFDFB8D05A1
_aligned_free.MSVCRT ref: 00007FFDFB8D05A9
_aligned_free.MSVCRT ref: 00007FFDFB8D05B2
_aligned_free.MSVCRT ref: 00007FFDFB8D05BC
_aligned_free.MSVCRT ref: 00007FFDFB8D05C6

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: b1b7e4f8b11abefead583c2dde418006ab1f199e84be47299285f48100eacfdc
Instruction ID: 477483f31d80b27316d8d75d434d2aed345d504d33830735550918148ef87cd0
Opcode Fuzzy Hash: b1b7e4f8b11abefead583c2dde418006ab1f199e84be47299285f48100eacfdc
Instruction Fuzzy Hash: 3A51FD2AB2650392DB54EB52E8A5DBE2726FFCCF44B054576DE2D573E9CE28E401C380

Function 00007FFE1A4FB2B0 Relevance: 35.1, APIs: 13, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

av_channel_layout_from_mask.AVUTIL-58 ref: 00007FFE1A4FB314
av_channel_layout_copy.AVUTIL-58 ref: 00007FFE1A4FB32F
av_opt_set_chlayout.AVUTIL-58 ref: 00007FFE1A4FB34F
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4FB370
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4FB394
av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A4FB3D2
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FFE1A4FB3E1
av_opt_set_chlayout.AVUTIL-58 ref: 00007FFE1A4FB3F6
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4FB413
av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4FB433
av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A4FB477

Strings

Failed to set option, xrefs: 00007FFE1A4FB460
isf, xrefs: 00007FFE1A4FB366
osf, xrefs: 00007FFE1A4FB409
ochl, xrefs: 00007FFE1A4FB3EC
osr, xrefs: 00007FFE1A4FB429
ichl, xrefs: 00007FFE1A4FB345
isr, xrefs: 00007FFE1A4FB38A

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_channel_layout_from_maskav_channel_layout_uninitav_opt_set_chlayout$av_channel_layout_copy
String ID: Failed to set option$ichl$isf$isr$ochl$osf$osr
API String ID: 389780152-1201144049
Opcode ID: c1b362974a6b1451826b30618634720778a4b9fcb98fd731a30a779224ad2209
Instruction ID: 0775a0ca9f41a5e4905338384d3ec2bba56ae044ef4edef414ada3902864a380
Opcode Fuzzy Hash: c1b362974a6b1451826b30618634720778a4b9fcb98fd731a30a779224ad2209
Instruction Fuzzy Hash: 9F419D61B08F4381EA11962BA2607FA1351FF06FE8F8460F3CE0D4A265EE7DE809C240

Function 00007FFDFB8F8800 Relevance: 34.6, APIs: 12, Strings: 11, Instructions: 88stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8F8813
strcmp.MSVCRT ref: 00007FFDFB8F882A
strcmp.MSVCRT ref: 00007FFDFB8F8841
strcmp.MSVCRT ref: 00007FFDFB8F8858
strcmp.MSVCRT ref: 00007FFDFB8F886F
strcmp.MSVCRT ref: 00007FFDFB8F8886
strcmp.MSVCRT ref: 00007FFDFB8F889D
strcmp.MSVCRT ref: 00007FFDFB8F88B4
strcmp.MSVCRT ref: 00007FFDFB8F88CB
strcmp.MSVCRT ref: 00007FFDFB8F88DE
strcmp.MSVCRT ref: 00007FFDFB8F88F1
strcmp.MSVCRT ref: 00007FFDFB8F8904

Strings

dblp, xrefs: 00007FFDFB8F88D7
dbl, xrefs: 00007FFDFB8F8868
fltp, xrefs: 00007FFDFB8F88C4
s16p, xrefs: 00007FFDFB8F8896
s32, xrefs: 00007FFDFB8F883A
s16, xrefs: 00007FFDFB8F8823
u8p, xrefs: 00007FFDFB8F887F
s32p, xrefs: 00007FFDFB8F88AD
flt, xrefs: 00007FFDFB8F8851
s64p, xrefs: 00007FFDFB8F88FD
s64, xrefs: 00007FFDFB8F88EA

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: dbl$dblp$flt$fltp$s16$s16p$s32$s32p$s64$s64p$u8p
API String ID: 1004003707-1774405992
Opcode ID: c5f0c382e97445bf1fdad9ea523356781cb8596a76fcd8cb5a790a5f3faa4372
Instruction ID: 6956228aede4871605e860d78064640ff86a8648a1fa78346aed6045803238f1
Opcode Fuzzy Hash: c5f0c382e97445bf1fdad9ea523356781cb8596a76fcd8cb5a790a5f3faa4372
Instruction Fuzzy Hash: 5031C850B2E58380FFA09725ED76A751695EF90385F908432D87D8A2FDED1CED44E312

Function 00007FFE1A4F7650 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 309COMMON

Download Yara Rule

APIs

av_freep.AVUTIL-58 ref: 00007FFE1A4F7784
av_freep.AVUTIL-58 ref: 00007FFE1A4F7791
av_mallocz.AVUTIL-58 ref: 00007FFE1A4F779B
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FFE1A4F77BB
av_calloc.AVUTIL-58 ref: 00007FFE1A4F782F
memcpy.MSVCRT ref: 00007FFE1A4F78D1
memcpy.MSVCRT ref: 00007FFE1A4F7905
av_reduce.AVUTIL-58 ref: 00007FFE1A4F7934

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F7B1A
Unsupported sample format, xrefs: 00007FFE1A4F7AF0
Filter length too large, xrefs: 00007FFE1A4F79E2
src/libswresample/resample.c, xrefs: 00007FFE1A4F7B03

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_freepmemcpy$av_callocav_get_bytes_per_sampleav_malloczav_reduce
String ID: Assertion %s failed at %s:%d$Filter length too large$Unsupported sample format$src/libswresample/resample.c
API String ID: 2174235161-2726094951
Opcode ID: c5a204f5f4996df374bfc84a6a3db035d48d9563b93a9ca167c4fa16f58e0cf6
Instruction ID: 7316bd15e87445b33df8388322d19082607f00a74f4d59d4f535d54f826a6e04
Opcode Fuzzy Hash: c5a204f5f4996df374bfc84a6a3db035d48d9563b93a9ca167c4fa16f58e0cf6
Instruction Fuzzy Hash: 57D1F872A08F818AD765CB29D1403BD7394FB45B91F1093B7DA4AA76A1DF3CE445CB00

Function 00007FFDFB8D6890 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 201COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8D6903
MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8D6945
GetFullPathNameW.KERNEL32 ref: 00007FFDFB8D696E
GetFullPathNameW.KERNEL32 ref: 00007FFDFB8D69A2
wcslen.MSVCRT ref: 00007FFDFB8D69C1
_wsopen.MSVCRT ref: 00007FFDFB8D69EB
_sopen.MSVCRT ref: 00007FFDFB8D6A15
wcslen.MSVCRT ref: 00007FFDFB8D6A98
wcscpy.MSVCRT ref: 00007FFDFB8D6AE5
wcscat.MSVCRT ref: 00007FFDFB8D6AF0
_errno.MSVCRT ref: 00007FFDFB8D6B77
wcscpy.MSVCRT ref: 00007FFDFB8D6BB8
wcscat.MSVCRT ref: 00007FFDFB8D6BC4
_errno.MSVCRT ref: 00007FFDFB8D6BCE
_errno.MSVCRT ref: 00007FFDFB8D6BE3

Strings

\\?\UNC\, xrefs: 00007FFDFB8D6BAE
\\?\, xrefs: 00007FFDFB8D6ADB

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno$ByteCharFullMultiNamePathWidewcscatwcscpywcslen$_sopen_wsopen
String ID: \\?\$\\?\UNC\
API String ID: 2611099503-3019864461
Opcode ID: 8b58886237893d285495af4019e8dee8374e10659ea7d6d5ad0572367657074e
Instruction ID: e19f50025cb8a49aec6d5e4646e769e78ba428a7fc2e8740065e8410d6d7c9f9
Opcode Fuzzy Hash: 8b58886237893d285495af4019e8dee8374e10659ea7d6d5ad0572367657074e
Instruction Fuzzy Hash: 73717225F2A64780EB649B55A824B7A26D0FFC9790F549236EA6E077FDDE7CD440C300

Function 00007FFDFB8DE100 Relevance: 30.1, APIs: 2, Strings: 15, Instructions: 302stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FFDFB8DE144
strtol.MSVCRT ref: 00007FFDFB8DE178

Strings

Using CUDA primary device context, xrefs: 00007FFDFB8DE430
Could not dynamically load CUDA, xrefs: 00007FFDFB8DE48E
cu->cuCtxPopCurrent(&dummy), xrefs: 00007FFDFB8DE295, 00007FFDFB8DE5DC
cu->cuCtxCreate(&hwctx->cuda_ctx, desired_flags, hwctx->internal->cuda_device), xrefs: 00007FFDFB8DE258, 00007FFDFB8DE59C
Calling %s, xrefs: 00007FFDFB8DE1AE, 00007FFDFB8DE1F1, 00007FFDFB8DE25F, 00007FFDFB8DE29C, 00007FFDFB8DE30F, 00007FFDFB8DE36D, 00007FFDFB8DE4D2
cu->cuDevicePrimaryCtxRetain(&hwctx->cuda_ctx, hwctx->internal->cuda_device), xrefs: 00007FFDFB8DE366, 00007FFDFB8DE3AF
Primary context already active with incompatible flags., xrefs: 00007FFDFB8DE520
cu->cuDevicePrimaryCtxSetFlags(hwctx->internal->cuda_device, desired_flags), xrefs: 00007FFDFB8DE4CB, 00007FFDFB8DE514
cu->cuInit(0), xrefs: 00007FFDFB8DE1A7, 00007FFDFB8DE555
primary_ctx, xrefs: 00007FFDFB8DE127
-> %s: %s, xrefs: 00007FFDFB8DE3ED, 00007FFDFB8DE610
%s failed, xrefs: 00007FFDFB8DE3C0, 00007FFDFB8DE5E3
cu->cuDevicePrimaryCtxGetState(hwctx->internal->cuda_device, &dev_flags, &dev_active), xrefs: 00007FFDFB8DE308, 00007FFDFB8DE5BC
Disabling use of CUDA primary device context, xrefs: 00007FFDFB8DE151
cu->cuDeviceGet(&hwctx->internal->cuda_device, device_idx), xrefs: 00007FFDFB8DE1EA, 00007FFDFB8DE57C

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: -> %s: %s$%s failed$Calling %s$Could not dynamically load CUDA$Disabling use of CUDA primary device context$Primary context already active with incompatible flags.$Using CUDA primary device context$cu->cuCtxCreate(&hwctx->cuda_ctx, desired_flags, hwctx->internal->cuda_device)$cu->cuCtxPopCurrent(&dummy)$cu->cuDeviceGet(&hwctx->internal->cuda_device, device_idx)$cu->cuDevicePrimaryCtxGetState(hwctx->internal->cuda_device, &dev_flags, &dev_active)$cu->cuDevicePrimaryCtxRetain(&hwctx->cuda_ctx, hwctx->internal->cuda_device)$cu->cuDevicePrimaryCtxSetFlags(hwctx->internal->cuda_device, desired_flags)$cu->cuInit(0)$primary_ctx
API String ID: 76114499-3193254869
Opcode ID: b1d8503496d87b39853df48a8e21de1adfc12c32e64f3833a9af2b5287376059
Instruction ID: 69885f6c18b09cff51d3ed6f7445c9477025935eefb600c1c8f1cfbe91f45fb4
Opcode Fuzzy Hash: b1d8503496d87b39853df48a8e21de1adfc12c32e64f3833a9af2b5287376059
Instruction Fuzzy Hash: 40D14F2571AA4391EB589B61E420BBA2361FB88798F909533DE2E177F8DF3DE445C340

Function 00007FFDFB8C8700 Relevance: 28.9, APIs: 12, Strings: 7, Instructions: 414stringCOMMON

Download Yara Rule

APIs

strchr.MSVCRT ref: 00007FFDFB8C87CB

Strings

', xrefs: 00007FFDFB8C8C16
<, xrefs: 00007FFDFB8C8742
&, xrefs: 00007FFDFB8C8926, 00007FFDFB8C8C88, 00007FFDFB8C8CA0
'\'', xrefs: 00007FFDFB8C88BB
, xrefs: 00007FFDFB8C89A7, 00007FFDFB8C89C5, 00007FFDFB8C8AB7, 00007FFDFB8C8AD6
", xrefs: 00007FFDFB8C8771, 00007FFDFB8C8DC8
>, xrefs: 00007FFDFB8C8753

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strchr
String ID: $&$'$>$<$"$'\''
API String ID: 2830005266-2908976646
Opcode ID: 58878a93e8017a577d70043575bf448a998ddca24cee1ed7eb6ac7db7c468040
Instruction ID: 4262e56ea72ea37831f20b15ab4ab9c45ed0ad9672c8d852ef22f058590e093e
Opcode Fuzzy Hash: 58878a93e8017a577d70043575bf448a998ddca24cee1ed7eb6ac7db7c468040
Instruction Fuzzy Hash: DEE19DD4BBF66344FB6497125471BBA1681AFC2B85F884037CD2D0A6FECE2EA5458342

Function 00007FFDFB8D0BA0 Relevance: 28.6, APIs: 19, Instructions: 115COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FFDFB8D0BD6
_aligned_free.MSVCRT ref: 00007FFDFB8D0C0D
_aligned_free.MSVCRT ref: 00007FFDFB8D0C3D
_aligned_free.MSVCRT ref: 00007FFDFB8D0C6D
_aligned_free.MSVCRT ref: 00007FFDFB8D0C89
_aligned_free.MSVCRT ref: 00007FFDFB8D0C92
_aligned_free.MSVCRT ref: 00007FFDFB8D0C9B
_aligned_free.MSVCRT ref: 00007FFDFB8D0CA3
_aligned_free.MSVCRT ref: 00007FFDFB8D0CAB
_aligned_free.MSVCRT ref: 00007FFDFB8D0CB4
_aligned_free.MSVCRT ref: 00007FFDFB8D0CBD
_aligned_free.MSVCRT ref: 00007FFDFB8D0CC5
_aligned_free.MSVCRT ref: 00007FFDFB8D0CCE
_aligned_free.MSVCRT ref: 00007FFDFB8D0CD7
_aligned_free.MSVCRT ref: 00007FFDFB8D0CE0
_aligned_free.MSVCRT ref: 00007FFDFB8D0CE8
_aligned_free.MSVCRT ref: 00007FFDFB8D0CF1
_aligned_free.MSVCRT ref: 00007FFDFB8D0CFB
_aligned_free.MSVCRT ref: 00007FFDFB8D0D05

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: d09f3d952e3eb66ce5eccd33bd3b0168fb06931170680be69507253bbd36f74d
Instruction ID: 473c9b62c43b4c9bf76b374b705dda491f241fdf2561a093d04b186793f2cefd
Opcode Fuzzy Hash: d09f3d952e3eb66ce5eccd33bd3b0168fb06931170680be69507253bbd36f74d
Instruction Fuzzy Hash: B2412D2AB2A50392DB54EB52E8B5C7A2315FFCCB44B424576DD2D572E9CE28E441C380

Function 00007FFDFB8D6650 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 111fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB8D6890: MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8D6903
Part of subcall function 00007FFDFB8D6890: MultiByteToWideChar.KERNEL32 ref: 00007FFDFB8D6945
Part of subcall function 00007FFDFB8D6890: GetFullPathNameW.KERNEL32 ref: 00007FFDFB8D696E
Part of subcall function 00007FFDFB8D6890: GetFullPathNameW.KERNEL32 ref: 00007FFDFB8D69A2
Part of subcall function 00007FFDFB8D6890: wcslen.MSVCRT ref: 00007FFDFB8D69C1
Part of subcall function 00007FFDFB8D6890: _wsopen.MSVCRT ref: 00007FFDFB8D69EB
Part of subcall function 00007FFDFB8D6890: _sopen.MSVCRT ref: 00007FFDFB8D6A15

_fstat64.MSVCRT ref: 00007FFDFB8D66AE
_close.MSVCRT ref: 00007FFDFB8D66D7
_get_osfhandle.MSVCRT ref: 00007FFDFB8D66F3
CreateFileMappingA.KERNEL32 ref: 00007FFDFB8D6718
MapViewOfFile.KERNEL32 ref: 00007FFDFB8D6741
CloseHandle.KERNEL32 ref: 00007FFDFB8D674D
_errno.MSVCRT ref: 00007FFDFB8D6768
_errno.MSVCRT ref: 00007FFDFB8D67B0
_close.MSVCRT ref: 00007FFDFB8D67F1

Strings

Error occurred in fstat(): %s, xrefs: 00007FFDFB8D67DD
Error occurred in MapViewOfFile(), xrefs: 00007FFDFB8D6831
Error occurred in CreateFileMapping(), xrefs: 00007FFDFB8D6800
Cannot read file '%s': %s, xrefs: 00007FFDFB8D679A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ByteCharFileFullMultiNamePathWide_close_errno$CloseCreateHandleMappingView_fstat64_get_osfhandle_sopen_wsopenwcslen
String ID: Cannot read file '%s': %s$Error occurred in CreateFileMapping()$Error occurred in MapViewOfFile()$Error occurred in fstat(): %s
API String ID: 741575255-3109280323
Opcode ID: 7267cfeadb9c871bf9fb2dec6a57e72c4003b2fad726f8657ee3e356bb816377
Instruction ID: 341ebfc075ac4957b8fa3abafddefb41f4763dc5a7ff40d51025938d1e3871fe
Opcode Fuzzy Hash: 7267cfeadb9c871bf9fb2dec6a57e72c4003b2fad726f8657ee3e356bb816377
Instruction Fuzzy Hash: 7C415061B2AB4B82EB549B51E820FBA6294FF88798F444136D96E07BE8DF7CD4058740

Function 00007FF7E74D1A40 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 87stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7E74D1A6D

Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D204A
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D2065
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D2080
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D209B
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D20B6

avformat_network_init.AVFORMAT-60 ref: 00007FF7E74D1A85
av_guess_format.AVFORMAT-60 ref: 00007FF7E74D1AAF
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D1ABC
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D1AD0
avformat_alloc_output_context2.AVFORMAT-60 ref: 00007FF7E74D1AEC
av_strerror.AVUTIL-58 ref: 00007FF7E74D1B19
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D1B23
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D1B38

Part of subcall function 00007FF7E74D2910: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7E74D1B4C), ref: 00007FF7E74D2939

Part of subcall function 00007FF7E74D2370: avcodec_free_context.AVCODEC-60 ref: 00007FF7E74D2388
Part of subcall function 00007FF7E74D2370: av_free.AVUTIL-58 ref: 00007FF7E74D23B1
Part of subcall function 00007FF7E74D2370: avio_context_free.AVFORMAT-60 ref: 00007FF7E74D23BD
Part of subcall function 00007FF7E74D2370: avformat_free_context.AVFORMAT-60 ref: 00007FF7E74D23CC
Part of subcall function 00007FF7E74D2370: avcodec_free_context.AVCODEC-60 ref: 00007FF7E74D2402
Part of subcall function 00007FF7E74D2370: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D2415

Strings

video/M2PT, xrefs: 00007FF7E74D1A9C
mpegts, xrefs: 00007FF7E74D1A92
Couldn't initialize output context: %s, xrefs: 00007FF7E74D1B31
Couldn't find an appropriate muxer for '%s', xrefs: 00007FF7E74D1AC6
http, xrefs: 00007FF7E74D1A5C

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp$__acrt_iob_funcavcodec_free_contextfprintf$av_freeav_guess_formatav_strerroravformat_alloc_output_context2avformat_free_contextavformat_network_initavio_context_freecallocfree
String ID: Couldn't find an appropriate muxer for '%s'$Couldn't initialize output context: %s$http$mpegts$video/M2PT
API String ID: 3777911973-2524251934
Opcode ID: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
Instruction ID: 8193ba4e2121195ec9f7c9ddeebd93bc6033e61962d7778804869b948e28537e
Opcode Fuzzy Hash: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
Instruction Fuzzy Hash: 2631F851A0864282FA90BB25D480379E350AF87794FD15233EFFD47691EE3CE44E8722

Function 00007FFE1A4FB4A0 Relevance: 24.2, APIs: 16, Instructions: 234COMMON

Download Yara Rule

APIs

av_channel_layout_from_mask.AVUTIL-58 ref: 00007FFE1A4FB5AA
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A4FB5B6
av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A4FB606
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FFE1A4FB615
av_channel_layout_compare.AVUTIL-58 ref: 00007FFE1A4FB621
av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A4FB649

Part of subcall function 00007FFE1A4FB2B0: av_channel_layout_from_mask.AVUTIL-58 ref: 00007FFE1A4FB314
Part of subcall function 00007FFE1A4FB2B0: av_opt_set_chlayout.AVUTIL-58 ref: 00007FFE1A4FB34F
Part of subcall function 00007FFE1A4FB2B0: av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4FB370
Part of subcall function 00007FFE1A4FB2B0: av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4FB394
Part of subcall function 00007FFE1A4FB2B0: av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A4FB3D2
Part of subcall function 00007FFE1A4FB2B0: av_channel_layout_from_mask.AVUTIL-58 ref: 00007FFE1A4FB3E1
Part of subcall function 00007FFE1A4FB2B0: av_opt_set_chlayout.AVUTIL-58 ref: 00007FFE1A4FB3F6
Part of subcall function 00007FFE1A4FB2B0: av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4FB413
Part of subcall function 00007FFE1A4FB2B0: av_opt_set_int.AVUTIL-58 ref: 00007FFE1A4FB433
Part of subcall function 00007FFE1A4FB2B0: av_channel_layout_uninit.AVUTIL-58 ref: 00007FFE1A4FB477

Part of subcall function 00007FFE1A505F8E: av_log.AVUTIL-58 ref: 00007FFE1A505FC9

av_frame_get_buffer.AVUTIL-58 ref: 00007FFE1A4FB706
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FFE1A4FB74B
av_sample_fmt_is_planar.AVUTIL-58 ref: 00007FFE1A4FB763

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_from_maskav_channel_layout_uninitav_opt_set_int$av_channel_layout_compareav_opt_set_chlayout$av_frame_get_bufferav_get_bytes_per_sampleav_logav_sample_fmt_is_planar
String ID:
API String ID: 1741793059-0
Opcode ID: 5f9c736c55c51c0448996e1834cac8009cd8094c6cea8c5c45183c0897257ebe
Instruction ID: bad461dc1eae86d18a8808764dd79263307ee1f4a47d79a3bc6606e4906cebb8
Opcode Fuzzy Hash: 5f9c736c55c51c0448996e1834cac8009cd8094c6cea8c5c45183c0897257ebe
Instruction Fuzzy Hash: E5918721B0CA428AFA559E3B95107BE62D5BF42FA5F4464F3DE0D572A5EE3CE8128700

Function 00007FFE1A52A83C Relevance: 22.9, APIs: 15, Instructions: 358COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A88D
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A969
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A9B2
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A9C3

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
Instruction ID: d5cc3458795ad514d52f46b9084db4c14b7fccf1bee96b18b579944a4fea0f06
Opcode Fuzzy Hash: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
Instruction Fuzzy Hash: 16F14B72B0CA82DAE711DFA6D4901FC37A2AB46B58F4440F7EA4D67AA5DF38D509C340

Function 00007FFE1A52D20C Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 349COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52D712

Strings

`generic-method-parameter-, xrefs: 00007FFE1A52D6B7
`generic-class-parameter-, xrefs: 00007FFE1A52D6C7
NULL, xrefs: 00007FFE1A52D2D7
`template-type-parameter-, xrefs: 00007FFE1A52D6D0
nullptr, xrefs: 00007FFE1A52D3FA

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
API String ID: 2943138195-2309034085
Opcode ID: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
Instruction ID: 68e47da8d77bff542cbedfb44235dddc4beb06a79f9df40df20250a802e8ebe6
Opcode Fuzzy Hash: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
Instruction Fuzzy Hash: A0E17C63F0CE42C4FA149BE699941BC27A2AF56F64F5401F7DA0E26AB5DF7CA508C340

Function 00007FFDFB8EEA60 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 176stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8EEAAA
strchr.MSVCRT ref: 00007FFDFB8EEAE4
strlen.MSVCRT ref: 00007FFDFB8EEB01
strtoul.MSVCRT ref: 00007FFDFB8EEB65

Strings

Invalid alpha value specifier '%s' in '%s', xrefs: 00007FFDFB8EECF0
Cannot find color '%s', xrefs: 00007FFDFB8EED2A
0123456789ABCDEFabcdef, xrefs: 00007FFDFB8EEC1C
Invalid 0xRRGGBB[AA] color string: '%s', xrefs: 00007FFDFB8EED09
bikeshed, xrefs: 00007FFDFB8EEB20
random, xrefs: 00007FFDFB8EEB0A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchrstrtoul
String ID: 0123456789ABCDEFabcdef$Cannot find color '%s'$Invalid 0xRRGGBB[AA] color string: '%s'$Invalid alpha value specifier '%s' in '%s'$bikeshed$random
API String ID: 643661298-1323625105
Opcode ID: 05b314dcd31ff43a5f327d01538bb3f4bf05cbc92719439464dceff93f7a60bd
Instruction ID: c88350d7ec67a90cd7772021e131fe45d868683ca15b0e749d82c1162e440cff
Opcode Fuzzy Hash: 05b314dcd31ff43a5f327d01538bb3f4bf05cbc92719439464dceff93f7a60bd
Instruction Fuzzy Hash: 75710512B3F68344FBA99B619431B7A6691AFC17C1F448232D96E177FDDEACE4408300

Function 00007FFDFB8E4960 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 173COMMON

Download Yara Rule

APIs

SetConsoleTextAttribute.KERNEL32 ref: 00007FFDFB8E49C2
GetStdHandle.KERNEL32 ref: 00007FFDFB8E4A74
GetConsoleMode.KERNEL32 ref: 00007FFDFB8E4A8F
GetConsoleScreenBufferInfo.KERNEL32 ref: 00007FFDFB8E4AAF
getenv.MSVCRT ref: 00007FFDFB8E4AD3
getenv.MSVCRT ref: 00007FFDFB8E4AF2

Strings

AV_LOG_FORCE_256COLOR, xrefs: 00007FFDFB8E4AEB
AV_LOG_FORCE_COLOR, xrefs: 00007FFDFB8E4C10
AV_LOG_FORCE_NOCOLOR, xrefs: 00007FFDFB8E4ACC
256color, xrefs: 00007FFDFB8E4B29
TERM, xrefs: 00007FFDFB8E4A60

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Console$getenv$AttributeBufferHandleInfoModeScreenText
String ID: 256color$AV_LOG_FORCE_256COLOR$AV_LOG_FORCE_COLOR$AV_LOG_FORCE_NOCOLOR$TERM
API String ID: 250312076-468416034
Opcode ID: 01025577c71988898b66c8b0eb027abf6c2326527978ea750917b74e8b6462d0
Instruction ID: 61f586c10668da1831e81a2ee5ab2111e1b0a70afe93df6994680860045cd083
Opcode Fuzzy Hash: 01025577c71988898b66c8b0eb027abf6c2326527978ea750917b74e8b6462d0
Instruction Fuzzy Hash: C3715A61F2F60385FB659B95A874AB92290AF81774F980335CD7D432F9EF3CE4458240

Function 00007FF7E74D14B0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 164COMMON

Download Yara Rule

APIs

avcodec_descriptor_get_by_name.AVCODEC-60 ref: 00007FF7E74D14C9
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D14D9
av_memdup.AVUTIL-58 ref: 00007FF7E74D152F
avcodec_alloc_context3.AVCODEC-60 ref: 00007FF7E74D1539
av_content_light_metadata_alloc.AVUTIL-58 ref: 00007FF7E74D1610
av_stream_add_side_data.AVFORMAT-60 ref: 00007FF7E74D162B
av_mastering_display_metadata_alloc.AVUTIL-58 ref: 00007FF7E74D1630

Strings

2, xrefs: 00007FF7E74D16C5
Couldn't find codec '%s', xrefs: 00007FF7E74D14E2
E, xrefs: 00007FF7E74D168B

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_funcav_content_light_metadata_allocav_mastering_display_metadata_allocav_memdupav_stream_add_side_dataavcodec_alloc_context3avcodec_descriptor_get_by_name
String ID: 2$Couldn't find codec '%s'$E
API String ID: 3726879996-2734579634
Opcode ID: 984bf621481a9a25f05ee9f8f0874bf5fd16c3df77fd558344dbfddc274f0f6a
Instruction ID: 54e701e003ff8c3e6819a1dc4e32ad8d71a64eec378858660f82d8100ee7bd0b
Opcode Fuzzy Hash: 984bf621481a9a25f05ee9f8f0874bf5fd16c3df77fd558344dbfddc274f0f6a
Instruction Fuzzy Hash: 7D81E776609780CBD794DF15E58435DBBB0F78AB88F50402AEB8C87B58DB7AD859CB00

Function 00007FF7E74D1250 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 144COMMON

Download Yara Rule

APIs

avcodec_descriptor_get_by_name.AVCODEC-60 ref: 00007FF7E74D126F
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D127F
avcodec_find_encoder.AVCODEC-60 ref: 00007FF7E74D12A9
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E74D12B9

Strings

title, xrefs: 00007FF7E74D131D
Couldn't find codec '%s', xrefs: 00007FF7E74D12C2
Couldn't find codec descriptor '%s', xrefs: 00007FF7E74D1288

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_func$avcodec_descriptor_get_by_nameavcodec_find_encoder
String ID: Couldn't find codec '%s'$Couldn't find codec descriptor '%s'$title
API String ID: 3715327632-3279048111
Opcode ID: c9720edbb9d548ebec2452977bce4eb4d803eed367fb80ba86fd3ea18017a218
Instruction ID: 59e8e28a8687eeb38c512d4188acad367e69f1405b78fbf9523526332204f207
Opcode Fuzzy Hash: c9720edbb9d548ebec2452977bce4eb4d803eed367fb80ba86fd3ea18017a218
Instruction Fuzzy Hash: AC619B72604B8186DB44DF16E5903ADB7A0FB8AB98F864036DF9E07794DF78E05AC710

Function 00007FFDFB903CB0 Relevance: 21.1, APIs: 14, Instructions: 123COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FFDFB903D1B
_aligned_free.MSVCRT ref: 00007FFDFB903D23

Part of subcall function 00007FFDFB903CB0: _aligned_free.MSVCRT ref: 00007FFDFB903CF9

_aligned_free.MSVCRT ref: 00007FFDFB903D4D
_aligned_free.MSVCRT ref: 00007FFDFB903D6F
_aligned_free.MSVCRT ref: 00007FFDFB903D77
_aligned_free.MSVCRT ref: 00007FFDFB903D7F
_aligned_free.MSVCRT ref: 00007FFDFB903DB7
_aligned_free.MSVCRT ref: 00007FFDFB903DD9
_aligned_free.MSVCRT ref: 00007FFDFB903DE1
_aligned_free.MSVCRT ref: 00007FFDFB903E0B
_aligned_free.MSVCRT ref: 00007FFDFB903E2D
_aligned_free.MSVCRT ref: 00007FFDFB903E35
_aligned_free.MSVCRT ref: 00007FFDFB903E3D

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 9507d53f166a1d0254cdadf622783abd4b684d210657e614246861b7e6ebef3c
Instruction ID: 01cc7f04214584f0b967c93c193735f8171290d934d277a58a9fee8518c9a326
Opcode Fuzzy Hash: 9507d53f166a1d0254cdadf622783abd4b684d210657e614246861b7e6ebef3c
Instruction Fuzzy Hash: 1D411E19B1E46380DB09EB62D876D7B1755AF89FC0B0A8839DE6D4B3E6CE38D4458380

Function 00007FF7E74D17A0 Relevance: 19.6, APIs: 13, Instructions: 72COMMON

Download Yara Rule

APIs

av_write_trailer.AVFORMAT-60 ref: 00007FF7E74D17B5
pthread_mutex_lock.W32-PTHREADS ref: 00007FF7E74D17DE
os_event_signal.OBS ref: 00007FF7E74D17EA
pthread_mutex_unlock.W32-PTHREADS ref: 00007FF7E74D17F6
pthread_join.W32-PTHREADS ref: 00007FF7E74D180E
os_event_destroy.OBS ref: 00007FF7E74D181A
os_event_destroy.OBS ref: 00007FF7E74D1826
pthread_mutex_destroy.W32-PTHREADS ref: 00007FF7E74D1832
bfree.OBS ref: 00007FF7E74D183E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D18A3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D18BA
bfree.OBS ref: 00007FF7E74D18C4
av_packet_free.AVCODEC-60 ref: 00007FF7E74D18E5

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: bfreefreeos_event_destroy$av_packet_freeav_write_traileros_event_signalpthread_joinpthread_mutex_destroypthread_mutex_lockpthread_mutex_unlock
String ID:
API String ID: 3736584056-0
Opcode ID: 8bdf6fd2e92e54ef71616242ce810bf52dd6c25259264d2bdbef31b8de60417c
Instruction ID: f3b8914739b17d9d7e1c38e29138c7b92aebb478cd52c3a5dd4ae8aecf5f40bc
Opcode Fuzzy Hash: 8bdf6fd2e92e54ef71616242ce810bf52dd6c25259264d2bdbef31b8de60417c
Instruction Fuzzy Hash: D2313222A0858181E791FF30C4953F8A360FF86B48F854133DF9D4A196DF78958AC362

Function 00007FFE1A522CE4 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 309COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FFE1A522D40

Part of subcall function 00007FFE1A525010: _GetEstablisherFrame.LIBVCRUNTIME ref: 00007FFE1A525045
Part of subcall function 00007FFE1A525010: __GetUnwindTryBlock.LIBCMT ref: 00007FFE1A525053
Part of subcall function 00007FFE1A525010: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FFE1A525078

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE1A522E18
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A522E25
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FFE1A523060
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A52308E
_GetEstablisherFrame.LIBVCRUNTIME ref: 00007FFE1A5230CC

Part of subcall function 00007FFE1A526710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A52239E), ref: 00007FFE1A52671E

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A523154
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE1A523189

Strings

csm, xrefs: 00007FFE1A522D5A
csm, xrefs: 00007FFE1A522E3D
csm, xrefs: 00007FFE1A522DC1

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Frame$BlockEstablisherHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3436797354-393685449
Opcode ID: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
Instruction ID: 33716ba22d8c008a2870ca80807ab27776e56404ee7798f9272c8e607b3b4dfe
Opcode Fuzzy Hash: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
Instruction Fuzzy Hash: 70D14E76B0CB41C6EB109BA6A4412BD77A6FB46BA8F0401B7DE4D57B66CF38E494C700

Function 00007FFE1A4F7400 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 161COMMON

Download Yara Rule

APIs

av_calloc.AVUTIL-58 ref: 00007FFE1A4F7470
memcpy.MSVCRT ref: 00007FFE1A4F74F2
memcpy.MSVCRT ref: 00007FFE1A4F751E
av_freep.AVUTIL-58(?,?), ref: 00007FFE1A4F75A9

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F7622
!c->frac && !c->dst_incr_mod, xrefs: 00007FFE1A4F7612
src/libswresample/resample.c, xrefs: 00007FFE1A4F760B

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$av_callocav_freep
String ID: !c->frac && !c->dst_incr_mod$Assertion %s failed at %s:%d$src/libswresample/resample.c
API String ID: 1182148616-608564573
Opcode ID: ae225f1ac773ac5f9c1fe2fea1a141108402761e9a2d6cdf13e09e92a9034940
Instruction ID: 6bc0aafa8ea5ae9418e8dd3aa9ee86d31a89f370c4673fb0261f921ea3fc9bb5
Opcode Fuzzy Hash: ae225f1ac773ac5f9c1fe2fea1a141108402761e9a2d6cdf13e09e92a9034940
Instruction Fuzzy Hash: 5661A272B08B028AD758CF2AD19057D77A1EB45B69B105176EA0DC77A8EB3CE451CB40

Function 00007FFDFB8CAE10 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 151stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8CAE26
memcmp.MSVCRT ref: 00007FFDFB8CAEA5

Strings

mono, xrefs: 00007FFDFB8CAE70

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcmpstrlen
String ID: mono
API String ID: 3108337309-2381334079
Opcode ID: 4442f9bb683f4af6272261eaf8af414874aa53633c76ffc30400c404e096c1e0
Instruction ID: b1358e513517a52b7dc72cc43352f9fe9d0d1b39350af0ed79807c4271bd56ae
Opcode Fuzzy Hash: 4442f9bb683f4af6272261eaf8af414874aa53633c76ffc30400c404e096c1e0
Instruction Fuzzy Hash: 115181E2B2AA4346FF609B15F860AB96791AB85BC4F894032DD2D477ECDE7CE4458340

Function 00007FFE1A4F8F70 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON

Download Yara Rule

APIs

av_freep.AVUTIL-58 ref: 00007FFE1A4F909C
av_log.AVUTIL-58 ref: 00007FFE1A4F9187
abort.MSVCRT ref: 00007FFE1A4F918C
av_log.AVUTIL-58 ref: 00007FFE1A4F91B5
abort.MSVCRT ref: 00007FFE1A4F91BA

Strings

src/libswresample/swresample.c, xrefs: 00007FFE1A4F9161, 00007FFE1A4F9191
Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F9178, 00007FFE1A4F91AE
a->bps, xrefs: 00007FFE1A4F9198
a->ch_count, xrefs: 00007FFE1A4F9168

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_log$av_freep
String ID: Assertion %s failed at %s:%d$a->bps$a->ch_count$src/libswresample/swresample.c
API String ID: 2329147549-2798989596
Opcode ID: 8a6bc04a2563c4ca64b9d2f166cec7721cca9d96160b8b29e1ad9d54915bbd6c
Instruction ID: 5324a190e90af980a2ac8901d99b6fe0a184aac1c71cda26d62e859b35dbb56b
Opcode Fuzzy Hash: 8a6bc04a2563c4ca64b9d2f166cec7721cca9d96160b8b29e1ad9d54915bbd6c
Instruction Fuzzy Hash: 5E510875B08A8249EB308F2BA944BFD3354EF45BA9F0051B7DE1D86AA6DF38A504C600

Function 00007FFDFB8CF360 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 170stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB8E78F0: strlen.MSVCRT ref: 00007FFDFB8E78FF
Part of subcall function 00007FFDFB8E78F0: _aligned_realloc.MSVCRT ref: 00007FFDFB8E791F
Part of subcall function 00007FFDFB8E78F0: memcpy.MSVCRT ref: 00007FFDFB8E7936

_aligned_free.MSVCRT ref: 00007FFDFB8CF410
_aligned_free.MSVCRT ref: 00007FFDFB8CF418
_aligned_free.MSVCRT ref: 00007FFDFB8CF49B
_aligned_free.MSVCRT ref: 00007FFDFB8CF4A5
_aligned_free.MSVCRT ref: 00007FFDFB8CF51E
_aligned_free.MSVCRT ref: 00007FFDFB8CF528
strlen.MSVCRT ref: 00007FFDFB8CF5C0
strlen.MSVCRT ref: 00007FFDFB8CF5CB
memcpy.MSVCRT ref: 00007FFDFB8CF5F9

Strings

%lld, xrefs: 00007FFDFB8CF386

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlen$memcpy$_aligned_realloc
String ID: %lld
API String ID: 3853940031-1962030014
Opcode ID: 8ef0d90d922d738ed908a9e8d1ebc5c3fb02acdd9b45e12231443154cef6d25c
Instruction ID: b7ba4dc679ac3dba464bb2b1e1a9496072c69e3cd4e273342ac5936b59d86e8c
Opcode Fuzzy Hash: 8ef0d90d922d738ed908a9e8d1ebc5c3fb02acdd9b45e12231443154cef6d25c
Instruction Fuzzy Hash: 8861C3A6B2A64381FB249B51E960A7A5290BFC8B94F044532EE6D577EDEF3CE444C340

Function 00007FFDFB97AF60 Relevance: 16.7, APIs: 11, Instructions: 159sleepCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32 ref: 00007FFDFB97AFE2
Sleep.KERNEL32 ref: 00007FFDFB97AFF7

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CreateEventSleep
String ID:
API String ID: 3100162736-0
Opcode ID: e5aaf2775736aee3134771c4ec912a0918e928d2149e6c1679b1ab5e8eb6a53e
Instruction ID: c99dbcd24a4d3a31259b203f47eb669deb5f89e771a3521961173efda6288e62
Opcode Fuzzy Hash: e5aaf2775736aee3134771c4ec912a0918e928d2149e6c1679b1ab5e8eb6a53e
Instruction Fuzzy Hash: 42517C76B0A60386E7619B25A868FBB32A4FB457A4F254235DE39473E8DF7CD845C300

Function 00007FFE1A4F9B80 Relevance: 16.2, APIs: 2, Strings: 7, Instructions: 426COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A4F8F70: av_freep.AVUTIL-58 ref: 00007FFE1A4F909C

av_log.AVUTIL-58 ref: 00007FFE1A4FA2CE
abort.MSVCRT ref: 00007FFE1A4FA2D3

Strings

s->dither.noise.ch_count == preout->ch_count, xrefs: 00007FFE1A4FA304
src/libswresample/swresample.c, xrefs: 00007FFE1A4FA2A8, 00007FFE1A4FA2D8, 00007FFE1A4FA2F5, 00007FFE1A4FA312
Assertion %s failed at %s:%d, xrefs: 00007FFE1A4FA2C3
?, xrefs: 00007FFE1A4F9ED2
s->midbuf.ch_count == s->out.ch_count, xrefs: 00007FFE1A4FA2E7
s->midbuf.ch_count == s->used_ch_layout.nb_channels, xrefs: 00007FFE1A4FA2B7
s->in.planar, xrefs: 00007FFE1A4FA321

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_freepav_log
String ID: ?$Assertion %s failed at %s:%d$s->dither.noise.ch_count == preout->ch_count$s->in.planar$s->midbuf.ch_count == s->out.ch_count$s->midbuf.ch_count == s->used_ch_layout.nb_channels$src/libswresample/swresample.c
API String ID: 3736396223-3190629393
Opcode ID: d26e443fe19845a36fdde429c2a9a759add677dece32294348b5e2c239672df1
Instruction ID: 88514f64d799d222248ba47e15da63334c3a296db2cb5e2ca1d650a4aa597cf7
Opcode Fuzzy Hash: d26e443fe19845a36fdde429c2a9a759add677dece32294348b5e2c239672df1
Instruction Fuzzy Hash: C402E436B08A8686E7608E2B94006FA77A1FB45FA9F5810B7DE4D477A9CF3CE454C710

Function 00007FFE1A52E350 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 196COMMON

Download Yara Rule

Strings

`generic-type-, xrefs: 00007FFE1A52E491
generic-type-, xrefs: 00007FFE1A52E45E
template-parameter-, xrefs: 00007FFE1A52E417
`template-parameter-, xrefs: 00007FFE1A52E44A

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
API String ID: 0-3207858774
Opcode ID: 6f458657f8fae6e2f2557f40169539ea56a3e6fb73d2116d9b83691f1491e61c
Instruction ID: 3ecb9041a8a3b8461c69d2b2a597e25a674f2b91b17f374a9e9a12db70d91d14
Opcode Fuzzy Hash: 6f458657f8fae6e2f2557f40169539ea56a3e6fb73d2116d9b83691f1491e61c
Instruction Fuzzy Hash: A4914962B1CE8699EB118B62E4502BC2BA2AF96F64F4840F7DE4D037A5DF3CE505D350

Function 00007FFDFB969990 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFDFB969AF8

Strings

-, xrefs: 00007FFDFB969A98

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: -
API String ID: 2918714741-2547889144
Opcode ID: f978b8ec28ce8a6f9b5e47dd2052fece94246ae97b2b9cc28d4a0647f4bf6175
Instruction ID: b635df6dcf8b3f0a71c8bcbf19abf432dcdc5ce74335d8563c03dbaa7fc09b10
Opcode Fuzzy Hash: f978b8ec28ce8a6f9b5e47dd2052fece94246ae97b2b9cc28d4a0647f4bf6175
Instruction Fuzzy Hash: 1E51A362F0F25749FB654A36D830BBD27C2AF4A7A4F564534DD3E4A2E9DD2CE8408300

Function 00007FFDFB969BF0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFDFB969D38

Strings

-, xrefs: 00007FFDFB969CFA
ambisonic , xrefs: 00007FFDFB969BF9

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: -$ambisonic
API String ID: 2918714741-2876420257
Opcode ID: c1d0ba877cb9a5e33fb598b34b3d9939bb9d6dbd7a5e029ec6c2859871519c45
Instruction ID: ac09b6fcd13289772a817db740f061103ef63161906bfe1ab408532a85d2d4dd
Opcode Fuzzy Hash: c1d0ba877cb9a5e33fb598b34b3d9939bb9d6dbd7a5e029ec6c2859871519c45
Instruction Fuzzy Hash: 5041F362F0E55309FB644A25D970BBD27C7AF0A7A4F554931ED3E4A2ECED2CE8408310

Function 00007FFE1A52A13C Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A198

Part of subcall function 00007FFE1A52722C: DName::operator+=.LIBVCRUNTIME ref: 00007FFE1A527247

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A2C5

Strings

union , xrefs: 00007FFE1A52A2F2
struct , xrefs: 00007FFE1A52A2E9
enum , xrefs: 00007FFE1A52A287
`unknown ecsu', xrefs: 00007FFE1A52A164
coclass , xrefs: 00007FFE1A52A27E
cointerface , xrefs: 00007FFE1A52A26C
class , xrefs: 00007FFE1A52A2DA

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$Name::operator+=
String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
API String ID: 179159573-1464470183
Opcode ID: 2fc61dd6c602e97fa3c1e55ca06bd20aebc659b0b394667bc2b1a0081ee2f141
Instruction ID: 612b2496eeb269280d465727d918c6cb0cb21e94fd1bba90b9793d06ecae2f4d
Opcode Fuzzy Hash: 2fc61dd6c602e97fa3c1e55ca06bd20aebc659b0b394667bc2b1a0081ee2f141
Instruction Fuzzy Hash: 02514A31F1CE52D9FB14CBA6E8805BC27B1BB16BA4F5041B7EA0D62A68DF69E541C700

Function 00007FFDFB8ED3D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 110stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB8C5FB0: strlen.MSVCRT ref: 00007FFDFB8C5FC9

strspn.MSVCRT ref: 00007FFDFB8ED44B
_aligned_free.MSVCRT ref: 00007FFDFB8ED4BB
_aligned_free.MSVCRT ref: 00007FFDFB8ED4C3
_aligned_free.MSVCRT ref: 00007FFDFB8ED544
_aligned_free.MSVCRT ref: 00007FFDFB8ED54C
_aligned_free.MSVCRT ref: 00007FFDFB8ED57A

Strings

Key '%s' not found., xrefs: 00007FFDFB8ED525
Missing key or no key/value separator found after key '%s', xrefs: 00007FFDFB8ED55B
Setting entry with key '%s' to value '%s', xrefs: 00007FFDFB8ED40E

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlenstrspn
String ID: Key '%s' not found.$Missing key or no key/value separator found after key '%s'$Setting entry with key '%s' to value '%s'
API String ID: 1832283230-2858522012
Opcode ID: 6858625f83de9048fadb2900624906809c4cd63edab14c6c68f5989beb2d347c
Instruction ID: 718e9aecb51fc2242427d974ae55c0c36f432c176b5e5ee92ce9154493e346ae
Opcode Fuzzy Hash: 6858625f83de9048fadb2900624906809c4cd63edab14c6c68f5989beb2d347c
Instruction Fuzzy Hash: D1419555B2A68390EB699B52A820ABA5750BFC5BC8F544431ED6F177F9CE3CE089C340

Function 00007FFDFB8E9900 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 317stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E99A4

Strings

%s%-17s , xrefs: 00007FFDFB8E9A3D
%-12s , xrefs: 00007FFDFB8E9A5D
(default , xrefs: 00007FFDFB8E9D46
I, xrefs: 00007FFDFB8E9D30
%-15s , xrefs: 00007FFDFB8E99B0
(from , xrefs: 00007FFDFB8E9C1B
%c%c%c%c%c%c%c%c%c%c%c, xrefs: 00007FFDFB8E9B55
to , xrefs: 00007FFDFB8E9C59
%s, xrefs: 00007FFDFB8E9B9A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $ %s%-17s $ %s$ (default $ (from $ I$ to $%-12s $%c%c%c%c%c%c%c%c%c%c%c
API String ID: 1004003707-1704579004
Opcode ID: 2ea16860b3427611d439ee252ee5f1f96aacb857c5cfc9ddd7f0c0fe524bede6
Instruction ID: 40baa81e2f0ecef7e2606a59b8a545f56c9b5cab16b33a719a65b11c5527d4bc
Opcode Fuzzy Hash: 2ea16860b3427611d439ee252ee5f1f96aacb857c5cfc9ddd7f0c0fe524bede6
Instruction Fuzzy Hash: 74C1E272B2A68386EB189B65E860BBA2761FBC1794F544135DA2D477F8DF7CE440C340

Function 00007FFDFB8CF640 Relevance: 15.2, APIs: 10, Instructions: 244stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB8C5FB0: strlen.MSVCRT ref: 00007FFDFB8C5FC9

strspn.MSVCRT ref: 00007FFDFB8CF71E
_aligned_free.MSVCRT ref: 00007FFDFB8CF7E5
_aligned_free.MSVCRT ref: 00007FFDFB8CF7ED

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlenstrspn
String ID:
API String ID: 1832283230-0
Opcode ID: 26bc88a9fd69d679ea30a0b0f13b4c0f719b999fe5c0e19c8c29863e318b563f
Instruction ID: 4559c662b101aca2efe5c8b84623c1c91648451b33d1ba2f55811a68298186f1
Opcode Fuzzy Hash: 26bc88a9fd69d679ea30a0b0f13b4c0f719b999fe5c0e19c8c29863e318b563f
Instruction Fuzzy Hash: A4A16FA6B2E68381FB149B51E860B7AA790EFC5B84F044432EA9D577EDDE2CE444C740

Function 00007FFE1A5288E4 Relevance: 15.2, APIs: 10, Instructions: 150COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A5289AE
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A5289BE
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A528A0A
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A528A1A
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A528A2A
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A528A9D
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A528AAE
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A528AC0
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A528AEC
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A528AFB

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 28d39e64d2900046752fe00e0d170ae61e4b908a297697eb59c3c366de5be272
Instruction ID: a841f905618d60b67d9bd42dd1e559ed773f49d7b7ad83c8011753b6c21397a5
Opcode Fuzzy Hash: 28d39e64d2900046752fe00e0d170ae61e4b908a297697eb59c3c366de5be272
Instruction Fuzzy Hash: 54615F62B08B52D8F701DBE2D8811FC27B2BB45BA8B4044B7EE4D2BA69DF78D545C340

Function 00007FFDFB8D09B0 Relevance: 15.1, APIs: 10, Instructions: 135COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FFDFB8D0AA6
_aligned_free.MSVCRT ref: 00007FFDFB8D0ADD
_aligned_free.MSVCRT ref: 00007FFDFB8D0AFA
_aligned_free.MSVCRT ref: 00007FFDFB8D0B03
_aligned_free.MSVCRT ref: 00007FFDFB8D0B0C
_aligned_free.MSVCRT ref: 00007FFDFB8D0B14
_aligned_free.MSVCRT ref: 00007FFDFB8D0B1D
_aligned_free.MSVCRT ref: 00007FFDFB8D0B27
_aligned_free.MSVCRT ref: 00007FFDFB8D0B31
_aligned_free.MSVCRT ref: 00007FFDFB8D0B3C

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 5319d01e5d1025e7fc0068ae3d94082f79af11993daff4612deb7ef89ba06dda
Instruction ID: b0e0495f8a656254725795922f0c894cab520682d8a558ec94ee705097abb8af
Opcode Fuzzy Hash: 5319d01e5d1025e7fc0068ae3d94082f79af11993daff4612deb7ef89ba06dda
Instruction Fuzzy Hash: E0417626B2A60781EB55AB55D875E7F225AEFCCB84F050636DD2D073E9DE78E840C340

Function 00007FFDFB979840 Relevance: 15.1, APIs: 10, Instructions: 100COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FFDFB97985D

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: de550876fdf94b650e17a9c6284cbc8fe7517bb1ab88a7b2ec8df1b363e153e6
Instruction ID: 17e61736e2d03f3d442526bc4021b58f4fd399c5e541062804846b7f29d371ec
Opcode Fuzzy Hash: de550876fdf94b650e17a9c6284cbc8fe7517bb1ab88a7b2ec8df1b363e153e6
Instruction Fuzzy Hash: CC3149A2B0AA0386EB509F25E824B7937A0FB44B99F544275DD2C073E8EF7CE444C700

Function 00007FF7E74D2030 Relevance: 15.0, APIs: 5, Strings: 5, Instructions: 41stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D204A
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D2065
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D2080
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D209B
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D20B6

Strings

rist, xrefs: 00007FF7E74D20A9
udp, xrefs: 00007FF7E74D2058
srt, xrefs: 00007FF7E74D2039
tcp, xrefs: 00007FF7E74D2073
http, xrefs: 00007FF7E74D208E

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp
String ID: http$rist$srt$tcp$udp
API String ID: 1114863663-504309389
Opcode ID: d2521f5543573ed7a9b47c763349208ce3ea302e6d5c14a99d4cb2250db2cd2e
Instruction ID: 9296b4c82eab14e45e6ecf8ea08e81dfc4c79770ce65fc9afc6b6f8eed68e184
Opcode Fuzzy Hash: d2521f5543573ed7a9b47c763349208ce3ea302e6d5c14a99d4cb2250db2cd2e
Instruction Fuzzy Hash: D301FE90B1450380FF92AB12D4847249364AF46B95FD5503ACB6D87250DF3DE54ED733

Function 00007FFE1A4F5C20 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 341COMMON

Download Yara Rule

Strings

s-> in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || in ->ch_count == s->in_ch_layout.nb_channels, xrefs: 00007FFE1A4F620F
s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || out->ch_count == s->out_ch_layout.nb_channels, xrefs: 00007FFE1A4F61DF
src/libswresample/rematrix.c, xrefs: 00007FFE1A4F61D0, 00007FFE1A4F6200
Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F61EB

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$s-> in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || in ->ch_count == s->in_ch_layout.nb_channels$s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || out->ch_count == s->out_ch_layout.nb_channels$src/libswresample/rematrix.c
API String ID: 0-729179064
Opcode ID: 497491d05170ef8247b869581e7d03bb9a59682df4ab4db83a46a576b33f8865
Instruction ID: bb4330328b4bb4ba199e92d27486a5e996e9b55377938e3a4d6aec7253b22ffa
Opcode Fuzzy Hash: 497491d05170ef8247b869581e7d03bb9a59682df4ab4db83a46a576b33f8865
Instruction Fuzzy Hash: E9E10272B09A8286D720CF2AE044BFE77A5FB44B95F4652B2DA4D17768DF38E151CB00

Function 00007FFE1A5231A0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 314COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE1A52333E
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A52334B

Part of subcall function 00007FFE1A526710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A52239E), ref: 00007FFE1A52671E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A5235F9
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A523644
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE1A523679

Strings

csm, xrefs: 00007FFE1A523367
csm, xrefs: 00007FFE1A5232E7
csm, xrefs: 00007FFE1A523285

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 211107550-393685449
Opcode ID: 1f2c6e9c8ad6c1917ecaa8d6efe9c468c91fc9baef10e6d9588306a72b9f3ebc
Instruction ID: 163c779f42af852266aa311dd54f7ee3a6d2ef514fcf3848ca14d6dcc4b8d50b
Opcode Fuzzy Hash: 1f2c6e9c8ad6c1917ecaa8d6efe9c468c91fc9baef10e6d9588306a72b9f3ebc
Instruction Fuzzy Hash: 8AE18372B0CA81CAE7209BA6D4402BD77A2FB56B68F1401B7DA4D57766CF38E485C700

Function 00007FFDFB8E1E20 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 248COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFDFB8E2154

Strings

av_image_get_linesize failed, xrefs: 00007FFDFB8E20D0
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8E2182
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FFDFB8E2176
src/libavutil/imgutils.c, xrefs: 00007FFDFB8E2167, 00007FFDFB8E2197
((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FFDFB8E21A6

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
API String ID: 3510742995-882259572
Opcode ID: 0f20995bfb48e77148fec557d5fbaa226202661854b0129ced2db76bb94dc692
Instruction ID: 4cda4c8bbc8c02326ecbf2b7fe0ec6d1c8194ce9ed067afea9ef5209706d58fe
Opcode Fuzzy Hash: 0f20995bfb48e77148fec557d5fbaa226202661854b0129ced2db76bb94dc692
Instruction Fuzzy Hash: 94A1A272B2A78686DB189F51A95056ABBA1FB84BD0F184035EE5D07BE8DF3CF841C700

Function 00007FFDFB8E1A70 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 243COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFDFB8E1B99
memcpy.MSVCRT ref: 00007FFDFB8E1D31
abort.MSVCRT ref: 00007FFDFB8E1DF2

Strings

av_image_get_linesize failed, xrefs: 00007FFDFB8E1D93
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8E1DE2
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FFDFB8E1E06
src/libavutil/imgutils.c, xrefs: 00007FFDFB8E1DC7, 00007FFDFB8E1DF7
((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FFDFB8E1DD6

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$abort
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
API String ID: 3629556515-882259572
Opcode ID: 720129b710e5ed98a497ce0c61193de95d3f52df19d8a310f2021f8bda355e19
Instruction ID: 9df0b199e9ee967252d6eb2cc2aacb43dd9289aaf80e901cd3f7884bb36e7db9
Opcode Fuzzy Hash: 720129b710e5ed98a497ce0c61193de95d3f52df19d8a310f2021f8bda355e19
Instruction Fuzzy Hash: C0A19532B1AB8686DB589F55E45066ABBA0FBC5B90F144135DFAD43BA8DF3CE441C700

Function 00007FFDFB8ED5B0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 145COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB8EC1D0: strspn.MSVCRT ref: 00007FFDFB8EC1FC
Part of subcall function 00007FFDFB8EC1D0: strspn.MSVCRT ref: 00007FFDFB8EC245
Part of subcall function 00007FFDFB8EC1D0: strchr.MSVCRT ref: 00007FFDFB8EC25D
Part of subcall function 00007FFDFB8EC1D0: memcpy.MSVCRT ref: 00007FFDFB8EC28C

_aligned_free.MSVCRT ref: 00007FFDFB8ED678
_aligned_free.MSVCRT ref: 00007FFDFB8ED682
_aligned_free.MSVCRT ref: 00007FFDFB8ED72C
_aligned_free.MSVCRT ref: 00007FFDFB8ED736

Strings

No option name near '%s', xrefs: 00007FFDFB8ED7FC
Option '%s' not found, xrefs: 00007FFDFB8ED832
Setting '%s' to value '%s', xrefs: 00007FFDFB8ED620
Unable to parse '%s': %s, xrefs: 00007FFDFB8ED7E3

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strspn$memcpystrchr
String ID: No option name near '%s'$Option '%s' not found$Setting '%s' to value '%s'$Unable to parse '%s': %s
API String ID: 2931229598-2003673103
Opcode ID: 5496a8e94afb4b653dcbea0521884cd186c85a6990d9a2e756bf1473de833a0d
Instruction ID: db229dc9d3d1082eae3505a95b5bb74fb5f1461f02d8ccbdd834d2aebd789102
Opcode Fuzzy Hash: 5496a8e94afb4b653dcbea0521884cd186c85a6990d9a2e756bf1473de833a0d
Instruction Fuzzy Hash: 8C518322719B8791E7648B91E860BAAA7A0FBC4784F404035EEAD47BF9DF7CD048C740

Function 00007FFDFB9444C0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 142COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB9445DA

Strings

!"valid element size", xrefs: 00007FFDFB9445B6
. -_, xrefs: 00007FFDFB94468B
D, xrefs: 00007FFDFB9445CD
Assertion %s failed at %s:%d, xrefs: 00007FFDFB9445C6
src/libavutil/utils.c, xrefs: 00007FFDFB9445AF
[%d], xrefs: 00007FFDFB944603

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: !"valid element size"$. -_$Assertion %s failed at %s:%d$D$[%d]$src/libavutil/utils.c
API String ID: 4206212132-1952739643
Opcode ID: 8dda062a40ab2f67f05643896e4bd6b922d436051c7bb03a64cbc94b01d14da1
Instruction ID: 9f1c8d833b612185a620bbaf647006b78aac7fc21074133b72c48cec60e8837d
Opcode Fuzzy Hash: 8dda062a40ab2f67f05643896e4bd6b922d436051c7bb03a64cbc94b01d14da1
Instruction Fuzzy Hash: 0751F462F1A25BC5EF208B11A520D793B90FB56B88F55C130CE2D537ECEE3CA695C600

Function 00007FFE1A52BE24 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52BFD8

Part of subcall function 00007FFE1A528C24: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52913D
Part of subcall function 00007FFE1A528C24: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A529175

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52BF8A

Strings

std::nullptr_t , xrefs: 00007FFE1A52BF16
cli::pin_ptr<, xrefs: 00007FFE1A52BFA1
void, xrefs: 00007FFE1A52BE6E
std::nullptr_t, xrefs: 00007FFE1A52BF03
void , xrefs: 00007FFE1A52BE96
cli::array<, xrefs: 00007FFE1A52BF57

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
API String ID: 2943138195-2239912363
Opcode ID: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
Instruction ID: df7acc093ad7b6bbb2063dcf6b808a2eb124cebc51698fc17102349faa3fd222
Opcode Fuzzy Hash: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
Instruction Fuzzy Hash: DE513662F1CF4698FB118BA2E8812BC77A1BB5AB64F4540F7DA4D12AA5DF3CA044C710

Function 00007FFE1A4F8AB0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE1A4F8B22
av_log.AVUTIL-58 ref: 00007FFE1A4F8B83
abort.MSVCRT ref: 00007FFE1A4F8B88

Strings

out->planar == in->planar, xrefs: 00007FFE1A4F8BB9
src/libswresample/swresample.c, xrefs: 00007FFE1A4F8B5D, 00007FFE1A4F8B8D, 00007FFE1A4F8BAA
out->bps == in->bps, xrefs: 00007FFE1A4F8B9C
Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F8B78
out->ch_count == in->ch_count, xrefs: 00007FFE1A4F8B6C

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_logmemcpy
String ID: Assertion %s failed at %s:%d$out->bps == in->bps$out->ch_count == in->ch_count$out->planar == in->planar$src/libswresample/swresample.c
API String ID: 2496068414-3511948170
Opcode ID: b7f206457b9caba27af6789feee01ca3d186e054d088e26f0222d9f3267d756f
Instruction ID: 6ece17b5b7a37b69fc2f7a56bd5f49f8d020ace4aeb15e6b2d9d66801003f3f0
Opcode Fuzzy Hash: b7f206457b9caba27af6789feee01ca3d186e054d088e26f0222d9f3267d756f
Instruction Fuzzy Hash: 7121E072B0CE0286E225CB16EA440FE37A4EB45B72F9451F7DA4C062B1DF3CE155C600

Function 00007FFE1A5463B0 Relevance: 13.7, APIs: 9, Instructions: 230COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFE1A5463D8
__scrt_initialize_crt.LIBCMT ref: 00007FFE1A54641D
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFE1A54642A
_RTC_Initialize.LIBCMT ref: 00007FFE1A546458
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFE1A54647E
__scrt_release_startup_lock.LIBCMT ref: 00007FFE1A5464A9

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
String ID:
API String ID: 349153199-0
Opcode ID: 05d8b91213d8a4974e84562f7c7d5bb031e6d637f96e7ddce6b44401f1817edf
Instruction ID: 076cb8932408b9074bbae6522694064790996b9eeaa78e100b089e4b14c94a55
Opcode Fuzzy Hash: 05d8b91213d8a4974e84562f7c7d5bb031e6d637f96e7ddce6b44401f1817edf
Instruction Fuzzy Hash: 3F814D61F0CE43C6FA54AB67A4413B96691AF56FA0F4440FFD90C47BB6FE2CE8458620

Function 00007FFDFB8CFAD0 Relevance: 13.7, APIs: 9, Instructions: 221COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FFDFB8CFBE6
_aligned_free.MSVCRT ref: 00007FFDFB8CFBF0
_aligned_free.MSVCRT ref: 00007FFDFB8CFC3D
_aligned_free.MSVCRT ref: 00007FFDFB8CFC45

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: bb8437b69a084f07a8ed3204e31c2741436194e29f9f638b4584538b28a8ba08
Instruction ID: 509b66dcee3f3ed5d22527db46572fbf1ec4ab717e155df22a19e0eaa49f6475
Opcode Fuzzy Hash: bb8437b69a084f07a8ed3204e31c2741436194e29f9f638b4584538b28a8ba08
Instruction Fuzzy Hash: DA817DB6B2A68381FB149B52E460A7A67A0FBC5780F144436EE6D47BE9DF3CE444C740

Function 00007FFDFB8CF080 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FFDFB8CF10E
_aligned_free.MSVCRT ref: 00007FFDFB8CF118
_aligned_free.MSVCRT ref: 00007FFDFB8CF157
_aligned_free.MSVCRT ref: 00007FFDFB8CF15F

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 01f721f6df29f9dd6bf7ef2f97b91fefc10836ccc23b581315bb421e2c98f023
Instruction ID: a7dc1f365f168d144386565afa7d7c3d1b20ee47ff0ff70fd4c3777e7607859c
Opcode Fuzzy Hash: 01f721f6df29f9dd6bf7ef2f97b91fefc10836ccc23b581315bb421e2c98f023
Instruction Fuzzy Hash: 776192A6B2BA4341FB659B51E820A7A5290BFC8B94F044132EEAD477E9DE3CE444C300

Function 00007FFDFB8E9D80 Relevance: 13.6, APIs: 2, Strings: 7, Instructions: 146stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E99A4
strcmp.MSVCRT ref: 00007FFDFB8E9DD7

Strings

UINT32_MAX, xrefs: 00007FFDFB8EA2E8
INT_MIN, xrefs: 00007FFDFB8EA301
I64_MAX, xrefs: 00007FFDFB8EA31A
I64_MIN, xrefs: 00007FFDFB8EA2CF
%lld, xrefs: 00007FFDFB8EA29D
%-15s , xrefs: 00007FFDFB8E99B0
INT_MAX, xrefs: 00007FFDFB8EA2B6

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $%lld$I64_MAX$I64_MIN$INT_MAX$INT_MIN$UINT32_MAX
API String ID: 1004003707-1419900426
Opcode ID: 60724dc2eec3de23298e2ae44bcb11fdf03ae2348c3838bc2f08ec1f1516dc3e
Instruction ID: d8df8e9d5a32d02a6ee01f65733cf423737c39017883bfc36ca4c831103e1879
Opcode Fuzzy Hash: 60724dc2eec3de23298e2ae44bcb11fdf03ae2348c3838bc2f08ec1f1516dc3e
Instruction Fuzzy Hash: 68516F61B2A28396EB689F91E530BFA2350AF81B54F544132DA3D576FDCFBDE450C240

Function 00007FF7E74D2160 Relevance: 13.6, APIs: 9, Instructions: 98COMMON

Download Yara Rule

APIs

pthread_mutex_lock.W32-PTHREADS ref: 00007FF7E74D21BB
os_event_reset.OBS ref: 00007FF7E74D21E7
pthread_mutex_unlock.W32-PTHREADS ref: 00007FF7E74D21F3
os_event_wait.OBS ref: 00007FF7E74D21FF
pthread_mutex_lock.W32-PTHREADS ref: 00007FF7E74D220B
memcpy.VCRUNTIME140 ref: 00007FF7E74D227B
memcpy.VCRUNTIME140 ref: 00007FF7E74D228E
os_event_signal.OBS ref: 00007FF7E74D22D1
pthread_mutex_unlock.W32-PTHREADS ref: 00007FF7E74D22DD

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpypthread_mutex_lockpthread_mutex_unlock$os_event_resetos_event_signalos_event_wait
String ID:
API String ID: 2918620995-0
Opcode ID: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
Instruction ID: 5e6f07c26a48babfc1d153dca550b97f22ee2698d0452ef98397eeff0d578d24
Opcode Fuzzy Hash: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
Instruction Fuzzy Hash: 3F417232608A82C1D651EF21E5813ADA760FB86B98F844033EFDD07B5ADF7CD1998711

Function 00007FFDFB977C30 Relevance: 13.6, APIs: 9, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB977B90: EnterCriticalSection.KERNEL32(?,?,?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977BB6
Part of subcall function 00007FFDFB977B90: LeaveCriticalSection.KERNEL32(?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977BDB

TryEnterCriticalSection.KERNEL32 ref: 00007FFDFB977CB0
CloseHandle.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977CF8
CloseHandle.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977D02
LeaveCriticalSection.KERNEL32 ref: 00007FFDFB977D07
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977D17
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977D1C
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977D23
free.MSVCRT ref: 00007FFDFB977D28

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$Delete$CloseEnterHandleLeave$free
String ID:
API String ID: 3899327206-0
Opcode ID: 2505bcbe3cd4d1a469b291fb81c03ba1909a3890b205137eb9b30536ece67948
Instruction ID: 0829df2c0b4f959def1690ffee447ce2b38f3a81542eab5106cb7024a087154a
Opcode Fuzzy Hash: 2505bcbe3cd4d1a469b291fb81c03ba1909a3890b205137eb9b30536ece67948
Instruction Fuzzy Hash: E5313C21B0A90381EB519722E828FBA2695FF45BA8FA54631DD3D473F9DE3CD542D304

Function 00007FF7E74D35E4 Relevance: 13.6, APIs: 9, Instructions: 94COMMON

Download Yara Rule

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF7E74D35F8
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF7E74D360D
__scrt_release_startup_lock.LIBCMT ref: 00007FF7E74D367B
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E74D36C9
_get_initial_wide_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E74D36CE
__p___wargv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E74D36D6
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E74D36DE
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E74D3700
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E74D375A

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __p___argc__p___wargv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_initial_wide_environment_register_thread_local_exe_atexit_callback
String ID:
API String ID: 1184979102-0
Opcode ID: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
Instruction ID: a02dd868e3774371bfcb68ff90beb8632feafeceac622fbc45ec444c28c56b17
Opcode Fuzzy Hash: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
Instruction Fuzzy Hash: 94312721A0850281EA94BB64D4D53B9D291AF93784FD44037EBED472E7DE3CA40F8633

Function 00007FFE1A502290 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FFE1A5023A9

Strings

Address %p has no image-section, xrefs: 00007FFE1A502300, 00007FFE1A502510
VirtualProtect failed with code 0x%x, xrefs: 00007FFE1A5024A2
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FFE1A5024FC
Mingw-w64 runtime failure:, xrefs: 00007FFE1A5022C8

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 177a0442ffddc2d8412e742cb8e5249e265e09483f4b31c5fb5574984be0ec8a
Instruction ID: 60eff6c8c7fdc77157f17f96e5edc6898516ccfd2a9c8018f6b66b2f746bbd85
Opcode Fuzzy Hash: 177a0442ffddc2d8412e742cb8e5249e265e09483f4b31c5fb5574984be0ec8a
Instruction Fuzzy Hash: D1617D72B0DF4282EA109B16E9452BD77A1BB56BF0F5442B6EB5C473A1DE3CE544C300

Function 00007FFDFB9687A0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FFDFB9688B9

Strings

VirtualQuery failed for %d bytes at address %p, xrefs: 00007FFDFB968A0C
VirtualProtect failed with code 0x%x, xrefs: 00007FFDFB9689B2
Mingw-w64 runtime failure:, xrefs: 00007FFDFB9687D8
Address %p has no image-section, xrefs: 00007FFDFB968810, 00007FFDFB968A20

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: a8cae70abf7ffee8518c3ea9921427e896fff9301f328d805a1cc0052b195cee
Instruction ID: 75a39c212c8dbeb5bf8cfa1b4aeef61bf73512faf2853ccba8a10c3441aea803
Opcode Fuzzy Hash: a8cae70abf7ffee8518c3ea9921427e896fff9301f328d805a1cc0052b195cee
Instruction Fuzzy Hash: AD61B472B16B038AEB109B11E8A4A7977A1FB45790F644236DB7D077E9EE3CE440C700

Function 00007FFE1A525F0A Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A5263F0: RtlPcToFileHeader.KERNEL32 ref: 00007FFE1A526434
Part of subcall function 00007FFE1A5263F0: RaiseException.KERNEL32 ref: 00007FFE1A52647A

RtlPcToFileHeader.KERNEL32 ref: 00007FFE1A525FA7
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00007FFE1A526003

Strings

Bad read pointer - no RTTI data!, xrefs: 00007FFE1A526108
Attempted a typeid of nullptr pointer!, xrefs: 00007FFE1A5260E5
Bad dynamic_cast!, xrefs: 00007FFE1A526072
Access violation - no RTTI data!, xrefs: 00007FFE1A525F0A, 00007FFE1A52612B

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
API String ID: 1852475696-928371585
Opcode ID: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
Instruction ID: e2ca834dce7717f22a26b4c4c84e8b655d672dc0a457be976c0e9a4c086ee453
Opcode Fuzzy Hash: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
Instruction Fuzzy Hash: 07516E6271DE86D2EE20CBA6E4905B96361FF95FA8F4044B3DA4E07A75DE3CE505C300

Function 00007FFE1A4F3F10 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 144COMMON

Download Yara Rule

APIs

av_free.AVUTIL-58 ref: 00007FFE1A4F4056
av_log.AVUTIL-58 ref: 00007FFE1A4F4139
abort.MSVCRT ref: 00007FFE1A4F413E

Strings

src/libswresample/dither.c, xrefs: 00007FFE1A4F4113, 00007FFE1A4F414B
*, xrefs: 00007FFE1A4F416A
s->dither.method < SWR_DITHER_NB, xrefs: 00007FFE1A4F4152
Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F412E

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_freeav_log
String ID: *$Assertion %s failed at %s:%d$s->dither.method < SWR_DITHER_NB$src/libswresample/dither.c
API String ID: 3300847756-1990850000
Opcode ID: ab30c3e9237167edfc00d8e6b718087be1c521b79e3897be0253280de5e0c4da
Instruction ID: 9768a479145000ad0041a5a4e9a83d7f4963198fc65c84eee18cf0555a6a129c
Opcode Fuzzy Hash: ab30c3e9237167edfc00d8e6b718087be1c521b79e3897be0253280de5e0c4da
Instruction Fuzzy Hash: 5A513A31F1CF4249DA22CB3A95411B9B314EF53BA5F10D3B3E61E26665EF3DA096C600

Function 00007FFE1A52E148 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52E1BC
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52E1CB
DName::operator+=.LIBVCRUNTIME ref: 00007FFE1A52E2E8

Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C459
Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C492
Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52E26B
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52E27B
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52E325

Strings

{for , xrefs: 00007FFE1A52E1F4

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$Name::operator+=
String ID: {for
API String ID: 179159573-864106941
Opcode ID: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
Instruction ID: a60029afba3899f6bf3d83f85d28d4e719edb6d213facd6d960c98832fb058fb
Opcode Fuzzy Hash: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
Instruction Fuzzy Hash: 9F514772B0CE85A9E7118F66D4413FD27A2EB56B68F8480F3EA4D07AA5DF78E550C310

Function 00007FFDFB8DD650 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 101COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FFDFB8DD6EA
free.MSVCRT ref: 00007FFDFB8DD6F3

Strings

%s failed, xrefs: 00007FFDFB8DD771
cu->cuCtxDestroy(hwctx->cuda_ctx), xrefs: 00007FFDFB8DD68E, 00007FFDFB8DD7DF
Calling %s, xrefs: 00007FFDFB8DD695, 00007FFDFB8DD728
cu->cuDevicePrimaryCtxRelease(hwctx->internal->cuda_device), xrefs: 00007FFDFB8DD721, 00007FFDFB8DD76A
-> %s: %s, xrefs: 00007FFDFB8DD79E

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FreeLibraryfree
String ID: -> %s: %s$%s failed$Calling %s$cu->cuCtxDestroy(hwctx->cuda_ctx)$cu->cuDevicePrimaryCtxRelease(hwctx->internal->cuda_device)
API String ID: 155010425-3275200884
Opcode ID: 5bf74a7dc137a0c155993daea2b6d87e70908d77a28ad94112a4fe68d911b2e3
Instruction ID: 37c5e486c7d8bf8397f1308fd0d766487707dd580d2b5c5a5f57d3acdd6c18c7
Opcode Fuzzy Hash: 5bf74a7dc137a0c155993daea2b6d87e70908d77a28ad94112a4fe68d911b2e3
Instruction Fuzzy Hash: 25413C25B1AA4791EB589F61E420FBA6350FB84B84F845532DE6E176B8CF3CE455C340

Function 00007FFE1A4F6770 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A4F8F70: av_freep.AVUTIL-58 ref: 00007FFE1A4F909C

memcpy.MSVCRT ref: 00007FFE1A4F6814
av_log.AVUTIL-58 ref: 00007FFE1A4F6865
abort.MSVCRT ref: 00007FFE1A4F686A
av_freep.AVUTIL-58 ref: 00007FFE1A4F6885

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F6856
a->planar, xrefs: 00007FFE1A4F6846
src/libswresample/resample.c, xrefs: 00007FFE1A4F683F

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_freep$abortav_logmemcpy
String ID: Assertion %s failed at %s:%d$a->planar$src/libswresample/resample.c
API String ID: 932020481-1037444191
Opcode ID: 2fed7eb9d3f7d8d6d6ab3b2d75b72cd75ee98cc0c08d437b01389e601e0e5f9a
Instruction ID: 1ed057a2e9d8056a1641ae03d025063668da50c2681fe0216f959c83ab441640
Opcode Fuzzy Hash: 2fed7eb9d3f7d8d6d6ab3b2d75b72cd75ee98cc0c08d437b01389e601e0e5f9a
Instruction Fuzzy Hash: 25312433F09A828BE724CB7AD9410FD73A1FB85B69F0581B6DA0847665EF38E501C700

Function 00007FFDFB8EC1D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89stringCOMMON

Download Yara Rule

APIs

strspn.MSVCRT ref: 00007FFDFB8EC1FC
strspn.MSVCRT ref: 00007FFDFB8EC245
strchr.MSVCRT ref: 00007FFDFB8EC25D
memcpy.MSVCRT ref: 00007FFDFB8EC28C

Strings

ambisonic , xrefs: 00007FFDFB8EC1D7
, xrefs: 00007FFDFB8EC1EF, 00007FFDFB8EC23B

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strspn$memcpystrchr
String ID: $ambisonic
API String ID: 2918080867-3257024572
Opcode ID: 0f5482def2ad202852d1b32bcf54bb77238b5e8d6a621b367dc68f81b01bffa8
Instruction ID: 3bf84bfd115d33780142b410d04d62a9ec7348cf7b65b8435902e1aab24fc578
Opcode Fuzzy Hash: 0f5482def2ad202852d1b32bcf54bb77238b5e8d6a621b367dc68f81b01bffa8
Instruction Fuzzy Hash: FC313822F1A64394EB259FA9E9609BA2791AF897D4F488032DD3C577FDDE3CE441C600

Function 00007FFDFB969860 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB969878
_errno.MSVCRT ref: 00007FFDFB969897
rand.MSVCRT ref: 00007FFDFB969910
_sopen.MSVCRT ref: 00007FFDFB96995F
_errno.MSVCRT ref: 00007FFDFB969970

Strings

XXXX, xrefs: 00007FFDFB96988F
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 00007FFDFB9698FE

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno$_sopenrandstrlen
String ID: XXXX$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
API String ID: 1081397658-1416102993
Opcode ID: 7ac93ad39a8cb676dc86535b40274021b571b1fd82cfda16182900e2eb2af889
Instruction ID: 8555ee9b8f24e0840a69cc88039a13f8d437dbbfbab543ba8b7e9dc98ca71fa5
Opcode Fuzzy Hash: 7ac93ad39a8cb676dc86535b40274021b571b1fd82cfda16182900e2eb2af889
Instruction Fuzzy Hash: BD315822F0A5535AEB219B28DD2097C1BD2AB497A4F498231CE2C477E9EE2DE8018310

Function 00007FFE1A5268AC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A526A6B,?,?,00000000,00007FFE1A52689C,?,?,?,?,00007FFE1A5265E5), ref: 00007FFE1A526931
GetLastError.KERNEL32(?,?,?,00007FFE1A526A6B,?,?,00000000,00007FFE1A52689C,?,?,?,?,00007FFE1A5265E5), ref: 00007FFE1A52693F
wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE1A526A6B,?,?,00000000,00007FFE1A52689C,?,?,?,?,00007FFE1A5265E5), ref: 00007FFE1A526958
LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A526A6B,?,?,00000000,00007FFE1A52689C,?,?,?,?,00007FFE1A5265E5), ref: 00007FFE1A52696A
FreeLibrary.KERNEL32(?,?,?,00007FFE1A526A6B,?,?,00000000,00007FFE1A52689C,?,?,?,?,00007FFE1A5265E5), ref: 00007FFE1A5269B0
GetProcAddress.KERNEL32(?,?,?,00007FFE1A526A6B,?,?,00000000,00007FFE1A52689C,?,?,?,?,00007FFE1A5265E5), ref: 00007FFE1A5269BC

Strings

api-ms-, xrefs: 00007FFE1A526951

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
String ID: api-ms-
API String ID: 916704608-2084034818
Opcode ID: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
Instruction ID: 0d1df70ec0763a455a0c10bf6c743f7312ee5119319c8c4b3fb23e7020a400b3
Opcode Fuzzy Hash: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
Instruction Fuzzy Hash: DC319C21B0EF42D1EE119B53A8005B522A6FF46FB0F5905B7DD2D0ABA4EF3CE5448360

Function 00007FFDFB8D0D30 Relevance: 12.2, APIs: 8, Instructions: 150COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFDFB8D0E09
memcpy.MSVCRT ref: 00007FFDFB8D0E31
memcpy.MSVCRT ref: 00007FFDFB8D0E64
_aligned_free.MSVCRT ref: 00007FFDFB8D0EFD
_aligned_free.MSVCRT ref: 00007FFDFB8D0F22
_aligned_free.MSVCRT ref: 00007FFDFB8D0F2B
_aligned_free.MSVCRT ref: 00007FFDFB8D0F34
_aligned_free.MSVCRT ref: 00007FFDFB8D0F3C

Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0AA6
Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0ADD
Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0AFA
Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0B03
Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0B0C
Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0B14
Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0B1D
Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0B27
Part of subcall function 00007FFDFB8D09B0: _aligned_free.MSVCRT ref: 00007FFDFB8D0B31

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$memcpy
String ID:
API String ID: 2399556850-0
Opcode ID: 3c9d650dbb13996a3ec22da08a15398705cb45436fe499cb8ebfbe706efbcf1e
Instruction ID: 065a4a91d2b601524991365220af2d6255d852ba083e7f7e973b74067ef9003b
Opcode Fuzzy Hash: 3c9d650dbb13996a3ec22da08a15398705cb45436fe499cb8ebfbe706efbcf1e
Instruction Fuzzy Hash: 4151C526B2A64685DB509B16E464B7D67A0FBCCBC4F144136EE5E07BE9DF3CE4408300

Function 00007FFDFB97BC90 Relevance: 12.1, APIs: 8, Instructions: 89timethreadCOMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FFDFB97BCBD
QueryPerformanceCounter.KERNEL32 ref: 00007FFDFB97BCD0
GetCurrentThread.KERNEL32 ref: 00007FFDFB97BD39
GetThreadTimes.KERNEL32 ref: 00007FFDFB97BD5B
GetCurrentProcess.KERNEL32 ref: 00007FFDFB97BDA8
GetProcessTimes.KERNEL32 ref: 00007FFDFB97BDCA
_errno.MSVCRT ref: 00007FFDFB97BDD4
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFDFB97BDF5

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentPerformanceProcessQueryThreadTimeTimes$CounterFileFrequencySystem_errno
String ID:
API String ID: 3786581644-0
Opcode ID: d139243207ebbece3588048b73cc12c1a18ec046571d34b62e2ee2edf8e95ea4
Instruction ID: b96e2c36c9507896e5274e0d1ebb5d9db0207e011e01b6a27c5659e102c80eef
Opcode Fuzzy Hash: d139243207ebbece3588048b73cc12c1a18ec046571d34b62e2ee2edf8e95ea4
Instruction Fuzzy Hash: 4C3192F6B19A4782DF548F25E434A7A73A5FB84B84B109036D69E47BA8DE3CD404CB10

Function 00007FFDFB8F1C90 Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 85stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8F1D24

Strings

rgba, xrefs: 00007FFDFB8F1CD3
bgra, xrefs: 00007FFDFB8F1D40
%s%s, xrefs: 00007FFDFB8F1D63
bgr32, xrefs: 00007FFDFB8F1CC3
rgb32, xrefs: 00007FFDFB8F1C9A
yuv420p, xrefs: 00007FFDFB8F1CE5, 00007FFDFB8F1D74

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %s%s$bgr32$bgra$rgb32$rgba$yuv420p
API String ID: 1004003707-3566121812
Opcode ID: 98d685d57b4154a566717737cbd7b33df6296256410a4f9ae653ec1de5376476
Instruction ID: 9706c6b48a2e0438451a04d64538443d52da31bba4f430023fb602e565f7597a
Opcode Fuzzy Hash: 98d685d57b4154a566717737cbd7b33df6296256410a4f9ae653ec1de5376476
Instruction Fuzzy Hash: 20319551F1E58354FFA5AB129920AB52B616F81B88F580135CD2E072FCEF6CE901C310

Function 00007FFDFB8C6810 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 226COMMON

Download Yara Rule

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFDFB8C6A0D
src/libavutil/avstring.c, xrefs: 00007FFDFB8C69F6
tail_len <= 5, xrefs: 00007FFDFB8C69FD

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$src/libavutil/avstring.c$tail_len <= 5
API String ID: 0-789252298
Opcode ID: 329d394584cb3486badaf9e4265f6a7098fb55d9a784c86af4291aec6c9427e0
Instruction ID: 524e546d8e222f175a8470434f3ba0c5dc374aaeccf5b5d29b534679385f58c0
Opcode Fuzzy Hash: 329d394584cb3486badaf9e4265f6a7098fb55d9a784c86af4291aec6c9427e0
Instruction Fuzzy Hash: 397102E3F2EA4302EB634B246D20B796591BF857A4F588233DE3D077E9ED6DA445C200

Function 00007FFDFB8DAF20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 189COMMON

Download Yara Rule

Strings

orig_dst_frames == ((void *)0) || orig_dst_frames == dst->hw_frames_ctx, xrefs: 00007FFDFB8DB11C
Invalid mapping found when attempting unmap., xrefs: 00007FFDFB8DB0F6
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8DB12C
src/libavutil/hwcontext.c, xrefs: 00007FFDFB8DB115
Failed to map frame into derived frame context: %d., xrefs: 00007FFDFB8DB1DD

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$Failed to map frame into derived frame context: %d.$Invalid mapping found when attempting unmap.$orig_dst_frames == ((void *)0) || orig_dst_frames == dst->hw_frames_ctx$src/libavutil/hwcontext.c
API String ID: 0-1886799933
Opcode ID: 7de98eef6f36daff8acd38367cc58669d168e51f435deb3ddf0eda039419a1c9
Instruction ID: 1e04f711f4bb02b0560dc85894a18e3fc5c6b4882115605f74c1bedad9a04162
Opcode Fuzzy Hash: 7de98eef6f36daff8acd38367cc58669d168e51f435deb3ddf0eda039419a1c9
Instruction Fuzzy Hash: 28719576B1AA4781EB508B16D460E6A27A0FB88BD4F548637DE2D477F8DF38E841C740

Function 00007FFDFB8E5366 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E4F79
strcpy.MSVCRT ref: 00007FFDFB8E4FC5
strlen.MSVCRT ref: 00007FFDFB8E52C6

Strings

[%s] , xrefs: 00007FFDFB8E5316
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
?, xrefs: 00007FFDFB8E50A8
debug, xrefs: 00007FFDFB8E5366
%s%s%s%s, xrefs: 00007FFDFB8E4F2A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $debug
API String ID: 895318938-486550452
Opcode ID: 1bc9e0b77ceed3842ae2b5e7fb56ecccc4e0069f3b8ae22bfc2df3ac513e0b58
Instruction ID: 7e5463a99bf2cf5f4f531f3957eb27e6945cf689abd13521f19597b8a85deb32
Opcode Fuzzy Hash: 1bc9e0b77ceed3842ae2b5e7fb56ecccc4e0069f3b8ae22bfc2df3ac513e0b58
Instruction Fuzzy Hash: F5618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740

Function 00007FFDFB8E535D Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E4F79
strcpy.MSVCRT ref: 00007FFDFB8E4FC5
strlen.MSVCRT ref: 00007FFDFB8E52C6

Strings

[%s] , xrefs: 00007FFDFB8E5316
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
trace, xrefs: 00007FFDFB8E535D
?, xrefs: 00007FFDFB8E50A8
%s%s%s%s, xrefs: 00007FFDFB8E4F2A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $trace
API String ID: 895318938-1090435506
Opcode ID: 388eb94d59a67a7935202ee3fbd654646914f8ea13633ebb36aa983399d9d6e5
Instruction ID: b2a5f8e87d7cfa7273305da0f7f0921973dad85d23ec4ab6ba06dae56bb64ada
Opcode Fuzzy Hash: 388eb94d59a67a7935202ee3fbd654646914f8ea13633ebb36aa983399d9d6e5
Instruction Fuzzy Hash: 28617161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740

Function 00007FFDFB8E5339 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E4F79
strcpy.MSVCRT ref: 00007FFDFB8E4FC5
strlen.MSVCRT ref: 00007FFDFB8E52C6

Strings

[%s] , xrefs: 00007FFDFB8E5316
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
fatal, xrefs: 00007FFDFB8E5339
?, xrefs: 00007FFDFB8E50A8
%s%s%s%s, xrefs: 00007FFDFB8E4F2A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $fatal
API String ID: 895318938-1232420508
Opcode ID: 5564261fac44c2804085dbb4aa80a2cc84f05d2c4e199730b9fad23d48acbc1c
Instruction ID: abd0266dc8372909b934658411be7359f6d3603a9f2a8191dd16cae36a1f3159
Opcode Fuzzy Hash: 5564261fac44c2804085dbb4aa80a2cc84f05d2c4e199730b9fad23d48acbc1c
Instruction Fuzzy Hash: 31618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740

Function 00007FFDFB8E5330 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E4F79
strcpy.MSVCRT ref: 00007FFDFB8E4FC5
strlen.MSVCRT ref: 00007FFDFB8E52C6

Strings

[%s] , xrefs: 00007FFDFB8E5316
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
?, xrefs: 00007FFDFB8E50A8
error, xrefs: 00007FFDFB8E5330
%s%s%s%s, xrefs: 00007FFDFB8E4F2A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $error
API String ID: 895318938-746115170
Opcode ID: 290f8d961d26d619dfad9ec8fbf528cba7d9e151612daada1adc1da91ff29958
Instruction ID: cbab6cad197e1ea616dda5965330eb411299dee54656904c61d91c858adfd4fb
Opcode Fuzzy Hash: 290f8d961d26d619dfad9ec8fbf528cba7d9e151612daada1adc1da91ff29958
Instruction Fuzzy Hash: 7D618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740

Function 00007FFDFB8E5327 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E4F79
strcpy.MSVCRT ref: 00007FFDFB8E4FC5
strlen.MSVCRT ref: 00007FFDFB8E52C6

Strings

[%s] , xrefs: 00007FFDFB8E5316
panic, xrefs: 00007FFDFB8E5327
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
?, xrefs: 00007FFDFB8E50A8
%s%s%s%s, xrefs: 00007FFDFB8E4F2A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $panic
API String ID: 895318938-4009946497
Opcode ID: 76949ceaf3e161934144b751887d61ea7784a81ae46f4df191c02a4c19fb6b98
Instruction ID: 32246d6f6d43e80a261301f06fc653013e70e722398bc7607af809a6b7e77835
Opcode Fuzzy Hash: 76949ceaf3e161934144b751887d61ea7784a81ae46f4df191c02a4c19fb6b98
Instruction Fuzzy Hash: F6618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740

Function 00007FFDFB8E5354 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E4F79
strcpy.MSVCRT ref: 00007FFDFB8E4FC5
strlen.MSVCRT ref: 00007FFDFB8E52C6

Strings

[%s] , xrefs: 00007FFDFB8E5316
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
warning, xrefs: 00007FFDFB8E5354
?, xrefs: 00007FFDFB8E50A8
%s%s%s%s, xrefs: 00007FFDFB8E4F2A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $warning
API String ID: 895318938-1705345410
Opcode ID: 08d12eebc39462adb75762280ad986e564744e38b177ed1b8a4005c961454d7e
Instruction ID: 43b46f5a44385d0a4bbeda447f6a93e47364905cb6a1aae0809fd44f030648ce
Opcode Fuzzy Hash: 08d12eebc39462adb75762280ad986e564744e38b177ed1b8a4005c961454d7e
Instruction Fuzzy Hash: 95618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740

Function 00007FFDFB8E534B Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E4F79
strcpy.MSVCRT ref: 00007FFDFB8E4FC5
strlen.MSVCRT ref: 00007FFDFB8E52C6

Strings

[%s] , xrefs: 00007FFDFB8E5316
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
info, xrefs: 00007FFDFB8E534B
?, xrefs: 00007FFDFB8E50A8
%s%s%s%s, xrefs: 00007FFDFB8E4F2A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $info
API String ID: 895318938-3747654419
Opcode ID: 94470c2433cdf86f563b52056e8aa694089832e0010874791d716f3e200e382d
Instruction ID: c6470864301b3de7ed2b61c0db30539d419efec3f6f201e08c1716e61b7681ef
Opcode Fuzzy Hash: 94470c2433cdf86f563b52056e8aa694089832e0010874791d716f3e200e382d
Instruction Fuzzy Hash: 82618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740

Function 00007FFDFB8E5342 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E4F79
strcpy.MSVCRT ref: 00007FFDFB8E4FC5
strlen.MSVCRT ref: 00007FFDFB8E52C6

Strings

[%s] , xrefs: 00007FFDFB8E5316
Last message repeated %d times, xrefs: 00007FFDFB8E4FA2
?, xrefs: 00007FFDFB8E50A8
%s%s%s%s, xrefs: 00007FFDFB8E4F2A
verbose, xrefs: 00007FFDFB8E5342

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $verbose
API String ID: 895318938-125437466
Opcode ID: a2fd106a1c9acae8677d10434890b9ef8f33735a9d1e14c72d708d45250e3eb7
Instruction ID: a9dd3c5b71815268d45f990f785eea151b45a7b42add12a36253db6509128961
Opcode Fuzzy Hash: a2fd106a1c9acae8677d10434890b9ef8f33735a9d1e14c72d708d45250e3eb7
Instruction Fuzzy Hash: 22618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740

Function 00007FFE1A525520 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 132COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FFE1A5255E9
_local_unwind.LIBVCRUNTIME ref: 00007FFE1A52568C

Strings

RCC, xrefs: 00007FFE1A52556E
MOC, xrefs: 00007FFE1A525562
csm, xrefs: 00007FFE1A5256D0
csm, xrefs: 00007FFE1A525584

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader_local_unwind
String ID: MOC$RCC$csm$csm
API String ID: 2627209546-1441736206
Opcode ID: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
Instruction ID: 27194a9c02aad2fb733e5560ce7d44bfa56a259f3f2190736ea642fbedd1522c
Opcode Fuzzy Hash: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
Instruction Fuzzy Hash: 33517272B0DA51C6EA609FB6904137D76A2FF46FA8F1400F3EA4E56765DF3CE4418A01

Function 00007FFE1A4FAC80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FFE1A4FAD29
av_log.AVUTIL-58 ref: 00007FFE1A4FAD9C

Strings

adding %d audio samples of silence, xrefs: 00007FFE1A4FAD8D

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_logmemset
String ID: adding %d audio samples of silence
API String ID: 1585849880-1798122562
Opcode ID: 43dec4429a85b2510075a362c729a0e6794df002455a30ccca771920209cc6fe
Instruction ID: f2fe6ece64acc58cd9fa1aede36986582028ec7ae8b89ebf8cdd3d02accfdb56
Opcode Fuzzy Hash: 43dec4429a85b2510075a362c729a0e6794df002455a30ccca771920209cc6fe
Instruction Fuzzy Hash: CE310621B08A6246F755861BA049FFF224AFB45FA2F4060F7DE0D9779ACE2DE501C744

Function 00007FFE1A52D740 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

atol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE1A52CE14), ref: 00007FFE1A52D803
DName::DName.LIBVCRUNTIME ref: 00007FFE1A52D822

Strings

`template-parameter, xrefs: 00007FFE1A52D830
void, xrefs: 00007FFE1A52D786

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::atol
String ID: `template-parameter$void
API String ID: 2130343216-4057429177
Opcode ID: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
Instruction ID: 90b81c479a42ab17ce807e378c22ac7194a3f4e766b33db4fbc4a525f3c0b6e2
Opcode Fuzzy Hash: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
Instruction Fuzzy Hash: 82412722B08F56C8FB009BA6D8512BD2372BF46BA4F5410B7CE0D56A65DF7CA509C340

Function 00007FFE1A528624 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 85COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A5286DB

Strings

..., xrefs: 00007FFE1A528724
void, xrefs: 00007FFE1A528759
,..., xrefs: 00007FFE1A5286A8
,<ellipsis>, xrefs: 00007FFE1A5286B8
<ellipsis>, xrefs: 00007FFE1A528734

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 2943138195-2211150622
Opcode ID: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
Instruction ID: 15f9452778cae83defc5c95d5afeae7d9952b108d866b0013a60f36c6b186158
Opcode Fuzzy Hash: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
Instruction Fuzzy Hash: AA410572B1CF4688FB028BA6E8802BC37A1BB5AB58F4441F7EA4D52664DF3CA545C750

Function 00007FFE1A52A31C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 83COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A40F

Strings

int , xrefs: 00007FFE1A52A38D
short , xrefs: 00007FFE1A52A39C
long , xrefs: 00007FFE1A52A37E
char , xrefs: 00007FFE1A52A3A5
unsigned , xrefs: 00007FFE1A52A3E3

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: char $int $long $short $unsigned
API String ID: 2943138195-3894466517
Opcode ID: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
Instruction ID: 464fd02f9de96c28ec3d6348bc6dc7c5be75456f395684db0fa49720762a8906
Opcode Fuzzy Hash: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
Instruction Fuzzy Hash: 77414C32B1CE56C9E7258FAAE8441BC37A2BB56B64F4481F7CA0C56B68DF389544C710

Function 00007FFDFB8CAD20 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8CAD79

Strings

U, xrefs: 00007FFDFB8CADC0
AMBI, xrefs: 00007FFDFB8CAD2A
R, xrefs: 00007FFDFB8CADD4
S, xrefs: 00007FFDFB8CADC6

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: AMBI$R$S$U
API String ID: 1004003707-1923686996
Opcode ID: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
Instruction ID: 5bc7cab341e6fe0bd1e6b8a78b1950acb11c08440f6db8fed2fc7f117ccd3ab0
Opcode Fuzzy Hash: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
Instruction Fuzzy Hash: F2219493B2A54355FB218B28B820AB51750AB813AAF889472DF2D065FDEE7CD584C304

Function 00007FFDFB8E1880 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 77COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFDFB8E191C

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFDFB8E1951
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FFDFB8E1975
src/libavutil/imgutils.c, xrefs: 00007FFDFB8E1936, 00007FFDFB8E1966
((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FFDFB8E1945

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
API String ID: 3510742995-1436408019
Opcode ID: 29eedba0b8a561808ce1373c0d83b9e424659025d8d80de6197fb189af70282f
Instruction ID: fb42e805f1a335d222382592d0e1ef821c126576015cd3fbdaab812dcc875e87
Opcode Fuzzy Hash: 29eedba0b8a561808ce1373c0d83b9e424659025d8d80de6197fb189af70282f
Instruction Fuzzy Hash: D52145A3F0BA5B45FB65AB51BC109EA6645BB887D8F884132DD6C063FDEE3CE141C200

Function 00007FFDFB8ED160 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 65COMMON

Download Yara Rule

Strings

Unable to parse option value "%s" as boolean, xrefs: 00007FFDFB8ED3A8
true,y,yes,enable,enabled,on, xrefs: 00007FFDFB8ED2C8
false,n,no,disable,disabled,off, xrefs: 00007FFDFB8ED326
auto, xrefs: 00007FFDFB8ED169

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Unable to parse option value "%s" as boolean$auto$false,n,no,disable,disabled,off$true,y,yes,enable,enabled,on
API String ID: 0-3796170252
Opcode ID: 80dcf72f5eaf96136f939c22b2c5b1b32456b8058e2967939369524f2b68426d
Instruction ID: 7c734030c9e210b5a71a5303dd722196ce0ca76416ec4c0929f906add325c5de
Opcode Fuzzy Hash: 80dcf72f5eaf96136f939c22b2c5b1b32456b8058e2967939369524f2b68426d
Instruction Fuzzy Hash: 10217156F1AA0355FB469B60A830B765241BFC17D8F504671D83E272F9EF3CE48A9304

Function 00007FFDFB8D6860 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 64stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8D6C25

Part of subcall function 00007FFDFB969860: strlen.MSVCRT ref: 00007FFDFB969878
Part of subcall function 00007FFDFB969860: _errno.MSVCRT ref: 00007FFDFB969897

_errno.MSVCRT ref: 00007FFDFB8D6C93

Strings

ff_tempfile: Cannot allocate file name, xrefs: 00007FFDFB8D6CD6
/tmp/%sXXXXXX, xrefs: 00007FFDFB8D6C49
./%sXXXXXX, xrefs: 00007FFDFB8D6C77
ff_tempfile: Cannot open temporary file %s, xrefs: 00007FFDFB8D6CA2

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errnostrlen
String ID: ./%sXXXXXX$/tmp/%sXXXXXX$ff_tempfile: Cannot allocate file name$ff_tempfile: Cannot open temporary file %s
API String ID: 860928405-2152079688
Opcode ID: 0f688c71126fc59946a20c54ec96a80db71b419569075c9b5168e78452e7bea4
Instruction ID: 2dbc230ba24428a1b0908e028ce49b711c4d190852c17a53694ef321e063783e
Opcode Fuzzy Hash: 0f688c71126fc59946a20c54ec96a80db71b419569075c9b5168e78452e7bea4
Instruction Fuzzy Hash: 80214F66B2AA4781EB40DB51E8648AA2364EF88794F844533E96D477F9EE3CE404C700

Function 00007FFDFB8E1990 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 61COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFDFB8E19F9
abort.MSVCRT ref: 00007FFDFB8E1A3F

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFDFB8E1A2F
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FFDFB8E1A53
src/libavutil/imgutils.c, xrefs: 00007FFDFB8E1A14, 00007FFDFB8E1A44
((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FFDFB8E1A23

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortmemcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
API String ID: 985927305-1436408019
Opcode ID: 57f52b22eac4459bf228b66986decd4f74425c1849e3cd511780a932ceefaf11
Instruction ID: 1c2508fc76d4f357ba078700edfe1a0f70ed29e8cc322287de2ed71aaa4d13f0
Opcode Fuzzy Hash: 57f52b22eac4459bf228b66986decd4f74425c1849e3cd511780a932ceefaf11
Instruction Fuzzy Hash: 9E110A62F2B55341EB75EB94A911DF96A90AF89384F880534DE2C06BF9DE3CE540C700

Function 00007FF7E74D2370 Relevance: 10.6, APIs: 7, Instructions: 55COMMON

Download Yara Rule

APIs

avcodec_free_context.AVCODEC-60 ref: 00007FF7E74D2388
avformat_free_context.AVFORMAT-60 ref: 00007FF7E74D23CC

Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D204A
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D2065
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D2080
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D209B
Part of subcall function 00007FF7E74D2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7E74D23A2), ref: 00007FF7E74D20B6

av_free.AVUTIL-58 ref: 00007FF7E74D23B1
avio_context_free.AVFORMAT-60 ref: 00007FF7E74D23BD
avio_close.AVFORMAT-60 ref: 00007FF7E74D23C4
avcodec_free_context.AVCODEC-60 ref: 00007FF7E74D2402
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7E74D2415

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp$avcodec_free_context$av_freeavformat_free_contextavio_closeavio_context_freefree
String ID:
API String ID: 1086289117-0
Opcode ID: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
Instruction ID: bfa17928c626f19a567b808771fcbf8572be6f8e93f9aa6c399f36f6da50851e
Opcode Fuzzy Hash: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
Instruction Fuzzy Hash: 4D217162A04651C2EB91BF25D09037CA3A0FB45F44F565533DF9D47649CF38D45B8322

Function 00007FFDFB97A660 Relevance: 10.6, APIs: 7, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB979840: TlsGetValue.KERNEL32 ref: 00007FFDFB97985D

longjmp.MSVCRT ref: 00007FFDFB97A69B
TlsGetValue.KERNEL32 ref: 00007FFDFB97A6A7
CloseHandle.KERNEL32 ref: 00007FFDFB97A6D3
_endthreadex.MSVCRT ref: 00007FFDFB97A6EB
CloseHandle.KERNEL32 ref: 00007FFDFB97A6FD
TlsSetValue.KERNEL32 ref: 00007FFDFB97A71B
CloseHandle.KERNEL32 ref: 00007FFDFB97A72E

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseHandleValue$_endthreadexlongjmp
String ID:
API String ID: 3990644698-0
Opcode ID: 73060f70dbe4c489cd31e19d1776919e8e936670c78b2bffbe7749b2f46d11de
Instruction ID: 4244422c472406c6a8561bb164fa89c68a7f3133310c4073a82b064ed31e4bcc
Opcode Fuzzy Hash: 73060f70dbe4c489cd31e19d1776919e8e936670c78b2bffbe7749b2f46d11de
Instruction Fuzzy Hash: BB213965A0B68386EB949B11E464B7A36A4FF84B04F168075CE2A073E8EF7CA844C700

Function 00007FFDFB8CD810 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 40COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8CD85F

Strings

src/libavutil/crc.c, xrefs: 00007FFDFB8CD834, 00007FFDFB8CD894
av_crc_init(av_crc_table[AV_CRC_32_IEEE_LE], 1, 32, 0xEDB88320, sizeof(av_crc_table[AV_CRC_32_IEEE_LE])) >= 0, xrefs: 00007FFDFB8CD83B
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8CD84B, 00007FFDFB8CD8AB
av_crc_init(av_crc_table[AV_CRC_16_ANSI_LE], 1, 16, 0xA001, sizeof(av_crc_table[AV_CRC_16_ANSI_LE])) >= 0, xrefs: 00007FFDFB8CD89B

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_ANSI_LE], 1, 16, 0xA001, sizeof(av_crc_table[AV_CRC_16_ANSI_LE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE_LE], 1, 32, 0xEDB88320, sizeof(av_crc_table[AV_CRC_32_IEEE_LE])) >= 0$src/libavutil/crc.c
API String ID: 4206212132-3869419772
Opcode ID: 96f5f185df5af9d250496bea1b812434c02eec593cc3f23363683570a2ddd386
Instruction ID: 8572e59ca5daf5e9f1af5685ea8cc8ee385aaf88d91dbe963f5b268966b04988
Opcode Fuzzy Hash: 96f5f185df5af9d250496bea1b812434c02eec593cc3f23363683570a2ddd386
Instruction Fuzzy Hash: 39118EA5F1AA0791E704AB60E821AFE2764EF85304FD48136D92D4A6F9DF3DE206C714

Function 00007FFDFB8E8E40 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 136stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8E8F33

Strings

%lld:%02d:%02d.%06d, xrefs: 00007FFDFB8E8FE4
%d:%02d.%06d, xrefs: 00007FFDFB8E8EE2
INT64_MAX, xrefs: 00007FFDFB8E901B
INT64_MIN, xrefs: 00007FFDFB8E9056
%d.%06d, xrefs: 00007FFDFB8E907B

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen
String ID: %d.%06d$%d:%02d.%06d$%lld:%02d:%02d.%06d$INT64_MAX$INT64_MIN
API String ID: 39653677-2240581584
Opcode ID: cf4f16006c1c0a862bb4f663b07b40e742fc65853bf7fc4d11485ba963f2ff38
Instruction ID: 8fd66b8ed76a1ab5c9f6b833c3ca8f0396a6abf8e5f40319c0b09695dcd0e13a
Opcode Fuzzy Hash: cf4f16006c1c0a862bb4f663b07b40e742fc65853bf7fc4d11485ba963f2ff38
Instruction Fuzzy Hash: B5410AD1B2A78B45EF7CCBA668256BD55825BC4BC4F848132DE3D5B7EDDE7CA1048200

Function 00007FFE1A541920 Relevance: 9.1, APIs: 6, Instructions: 124COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A545530: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFE1A541688), ref: 00007FFE1A545552

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A541980
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A5419DE
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A541A07
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A541A1C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE1A541A73
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE1A541A86

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno$free
String ID:
API String ID: 4247730083-0
Opcode ID: 34b5fe769a158e21acccb4ad1b5a9f683f14a6e55ea9ebd6d8c1efb0b3076924
Instruction ID: f4580743e246de26b8bfb2daf9a29df2f9cca5cfa71ddaa94fa29f7b3f21c5c2
Opcode Fuzzy Hash: 34b5fe769a158e21acccb4ad1b5a9f683f14a6e55ea9ebd6d8c1efb0b3076924
Instruction Fuzzy Hash: 5551E922B1CF1692EA109B23A54017933A4BB56BB4F4441FADB5D436F6FF28E865C780

Function 00007FFE1A5262D0 Relevance: 9.1, APIs: 6, Instructions: 84stringCOMMON

Download Yara Rule

APIs

__unDName.LIBVCRUNTIME ref: 00007FFE1A526326
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE1A526369
strcpy_s.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFE1A526393
InterlockedPushEntrySList.KERNEL32 ref: 00007FFE1A5263B0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE1A5263BC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE1A5263C5

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
String ID:
API String ID: 3741236498-0
Opcode ID: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
Instruction ID: e64f3ce8d40430b0a74a3e61f62a04b84196e5c0ba485dde0c2b56cf5fd74f95
Opcode Fuzzy Hash: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
Instruction Fuzzy Hash: 1531D222B1DB9180EB118B67A8041B933A1FF5AFE0B5445B7DE2D037A0DE3DD442C310

Function 00007FFE1A543AB0 Relevance: 9.1, APIs: 6, Instructions: 66threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FFE1A543B29
GetCurrentProcess.KERNEL32 ref: 00007FFE1A543B35
GetCurrentThread.KERNEL32 ref: 00007FFE1A543B3E
GetCurrentProcess.KERNEL32 ref: 00007FFE1A543B47
DuplicateHandle.KERNEL32 ref: 00007FFE1A543B6C

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Current$ProcessThread$DuplicateHandle
String ID:
API String ID: 4285418203-0
Opcode ID: 122369a1c330d7f29e53f35644df85b62e1c336a8a69c3fc79a39b0e983c8277
Instruction ID: 17fda4c5a699605c14db89b7951da20fa6c7adf629c63f54884e80e41cbd95fc
Opcode Fuzzy Hash: 122369a1c330d7f29e53f35644df85b62e1c336a8a69c3fc79a39b0e983c8277
Instruction Fuzzy Hash: F1314531A0CFC186E7219F22A8452BA7760FB56BA4F1441B9DE8D06B75EF3CD185C700

Function 00007FFE1A545C10 Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FFE1A545C22
OpenProcess.KERNEL32 ref: 00007FFE1A545C36
GetLastError.KERNEL32 ref: 00007FFE1A545C41
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A545C57
CloseHandle.KERNEL32 ref: 00007FFE1A545C72
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A545C7C

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Process_errno$CloseCurrentErrorHandleLastOpen
String ID:
API String ID: 3861255796-0
Opcode ID: e8f9237df677979dc71b34d724e04c16cd4c67e5f51f945e8c435fea502eb581
Instruction ID: 358e91004b052c6596f00abbcae94aecf1a1b035fbf5f3470f4a361e4ae37d54
Opcode Fuzzy Hash: e8f9237df677979dc71b34d724e04c16cd4c67e5f51f945e8c435fea502eb581
Instruction Fuzzy Hash: B4015621B1CE0282EB555B7BB4842395191EF8AF74F4551BDDA2D477A5EE3CD8848700

Function 00007FFDFB8C8250 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 196stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8C828B
strftime.MSVCRT ref: 00007FFDFB8C832A

Strings

[truncated strftime output], xrefs: 00007FFDFB8C840E, 00007FFDFB8C8421, 00007FFDFB8C84F1

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strftimestrlen
String ID: [truncated strftime output]
API String ID: 1668665056-4273287863
Opcode ID: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
Instruction ID: 7836559ade3b776687347c0c45532b781f126a0bbcee1e26af87f8d34f6f95ef
Opcode Fuzzy Hash: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
Instruction Fuzzy Hash: 5471D7F2B6665346DB15CF29D8A893D2391ABC8794F558236DE39833E8DE3CE845C304

Function 00007FFE1A5238A8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 189COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A526710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A52239E), ref: 00007FFE1A52671E

EncodePointer.KERNEL32 ref: 00007FFE1A523918
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE1A523963
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A523B91

Strings

RCC, xrefs: 00007FFE1A523934
MOC, xrefs: 00007FFE1A52392C

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 2889003569-2084237596
Opcode ID: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
Instruction ID: 5f0ca13b2daec687c3767072e54eacb742df6beb78e037cd1e1076de5ef7fbf5
Opcode Fuzzy Hash: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
Instruction Fuzzy Hash: D7914E73A08B85CAE710CBA6E4802BD7BA1F745BA8F1441A7EA8D17765DF38D195C700

Function 00007FFDFB8E13C0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 188COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FFDFB8E15FB
_aligned_free.MSVCRT ref: 00007FFDFB8E1633

Strings

Picture size %ux%u is invalid, xrefs: 00007FFDFB8E1649
Formats with a palette require a minimum alignment of 4, xrefs: 00007FFDFB8E1604

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_freememset
String ID: Formats with a palette require a minimum alignment of 4$Picture size %ux%u is invalid
API String ID: 4139559148-2772728507
Opcode ID: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
Instruction ID: 763a2fde17705e32279c0dde3cde5813f07f5f31653d04afbc70f2336a386c15
Opcode Fuzzy Hash: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
Instruction Fuzzy Hash: 19610562B2A68346EB189B95D821B7D6A92BFC57D4F048135DE6E477FCDF3CE4008600

Function 00007FFDFB901850 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 172COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB901AF8

Part of subcall function 00007FFDFB97AF60: CreateEventA.KERNEL32 ref: 00007FFDFB97AFE2
Part of subcall function 00007FFDFB97AF60: Sleep.KERNEL32 ref: 00007FFDFB97AFF7

Strings

nb_threads >= 0, xrefs: 00007FFDFB901AD4
j, xrefs: 00007FFDFB901AEB
Assertion %s failed at %s:%d, xrefs: 00007FFDFB901AE4
src/libavutil/slicethread.c, xrefs: 00007FFDFB901ACD

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CreateEventSleepabort
String ID: Assertion %s failed at %s:%d$j$nb_threads >= 0$src/libavutil/slicethread.c
API String ID: 723382662-4085466978
Opcode ID: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
Instruction ID: d098ef66ee80122a5fc67c71903d5847f9fbaaee92ffa245bbb4a58ca2525dca
Opcode Fuzzy Hash: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
Instruction Fuzzy Hash: B971B476B0A78385E7249B21E560BAA72E1FF84784F184131EEAD477E9DF3CE4508740

Function 00007FFE1A52BB70 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52BC50

Part of subcall function 00007FFE1A528C24: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52913D
Part of subcall function 00007FFE1A528C24: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A529175

Strings

std::nullptr_t , xrefs: 00007FFE1A52BDC5
std::nullptr_t, xrefs: 00007FFE1A52BDF1
volatile , xrefs: 00007FFE1A52BBD3, 00007FFE1A52BD21
volatile, xrefs: 00007FFE1A52BBE2, 00007FFE1A52BD30

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
API String ID: 2943138195-757766384
Opcode ID: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
Instruction ID: 091878ae236bf39047c18706084ca6ba34e2a9ca825f8cfebeec7753007b2ccd
Opcode Fuzzy Hash: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
Instruction Fuzzy Hash: 67715C71B0CE46C4EB148FA6D9851BC66A2BF46BA4F4485F7DA4D17AB9DF3CA250C300

Function 00007FFE1A503660 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FFE1A503693
av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FFE1A50369E
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FFE1A50386F
av_log.AVUTIL-58 ref: 00007FFE1A5038CE

Strings

Requested noise shaping dither not available at this sampling rate, using triangular hp dither, xrefs: 00007FFE1A5038BF

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_get_packed_sample_fmt$av_get_bytes_per_sampleav_log
String ID: Requested noise shaping dither not available at this sampling rate, using triangular hp dither
API String ID: 3201340904-3665241142
Opcode ID: 3aabd3796ad4e8e3c28a21a01194fa0efc64d4ec367513780e46d480d1dae623
Instruction ID: 272470db77d9bfedba25331d37f8845a41fc356e6f27e145358213f3ca7a6c25
Opcode Fuzzy Hash: 3aabd3796ad4e8e3c28a21a01194fa0efc64d4ec367513780e46d480d1dae623
Instruction Fuzzy Hash: 2961F835F1CE4549E356CB36861137F6251BF5BFA4F0483F3DA0E662A1EF6CA5858600

Function 00007FFE1A523690 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A526710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A52239E), ref: 00007FFE1A52671E

EncodePointer.KERNEL32 ref: 00007FFE1A5236DC
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE1A52372B
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A52389F

Strings

RCC, xrefs: 00007FFE1A5236F9
MOC, xrefs: 00007FFE1A5236F0

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 2889003569-2084237596
Opcode ID: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
Instruction ID: 29e48efa95917043053229bd694ea36b29b5f355a09b95108c6552f3137d9f74
Opcode Fuzzy Hash: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
Instruction Fuzzy Hash: 6D615976A09B85CAEB148FA6D0803BD77A2FB45BA8F0441A7EE4917B65CF38E155C700

Function 00007FFE1A503000 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1A5030A0
_errno.MSVCRT ref: 00007FFE1A5030F0

Strings

exp, xrefs: 00007FFE1A5030C6, 00007FFE1A50310B, 00007FFE1A503145

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: exp
API String ID: 2918714741-113136155
Opcode ID: e892162a4feb91c5f06d0adc05f7b2a5d8b4b961a27d821f26560dc97cede207
Instruction ID: 91f7d25af0b05ee52588ae24f5160a548a9538540f4b4446dcc6edcde36777e3
Opcode Fuzzy Hash: e892162a4feb91c5f06d0adc05f7b2a5d8b4b961a27d821f26560dc97cede207
Instruction Fuzzy Hash: 25512D12E0CE8582E7025B35E91227F6720FF97764F50E3A2EA89305B7FF1DE5948A40

Function 00007FFDFB96D620 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFDFB96D6C0
_errno.MSVCRT ref: 00007FFDFB96D710

Strings

exp, xrefs: 00007FFDFB96D6E6, 00007FFDFB96D72B, 00007FFDFB96D765

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: exp
API String ID: 2918714741-113136155
Opcode ID: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
Instruction ID: 87876ba138dcc1afdd08fae46bc2e03238421b7544f6f7422257ed2d873e4149
Opcode Fuzzy Hash: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
Instruction Fuzzy Hash: AB51FA52F0DA8686E7025B34E82127A7364FF96344F50E321EA9D345EEFF2DE5948A40

Function 00007FFDFB8C9750 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

pool->alloc || pool->alloc2, xrefs: 00007FFDFB8C98D0
src/libavutil/buffer.c, xrefs: 00007FFDFB8C98C9
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8C98E6

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$pool->alloc || pool->alloc2$src/libavutil/buffer.c
API String ID: 0-4265094632
Opcode ID: d76ba869af0c935bc261349364afef7ac018e203dbb1c970f62eb4bb728a1136
Instruction ID: b6446ba5bfaa755a7f3a9b701206da3d40b74725f94b9dfcfa158b7f2703f0fc
Opcode Fuzzy Hash: d76ba869af0c935bc261349364afef7ac018e203dbb1c970f62eb4bb728a1136
Instruction Fuzzy Hash: 29518CB2716B8681EB559F11E864BBA37A8FB88B88F544176DE6D073E8DF38D444C340

Function 00007FFDFB8E6510 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8E66C3

Strings

in_ts != ((int64_t)0x8000000000000000ULL), xrefs: 00007FFDFB8E66A7
duration >= 0, xrefs: 00007FFDFB8E66D7
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8E66B3
src/libavutil/mathematics.c, xrefs: 00007FFDFB8E6698, 00007FFDFB8E66C8

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$duration >= 0$in_ts != ((int64_t)0x8000000000000000ULL)$src/libavutil/mathematics.c
API String ID: 4206212132-3367517387
Opcode ID: 513caed045a4db0526df902e940f6b02687e0721ee3627fbbd4727eb2fb21fc4
Instruction ID: 49c5d2845a943e1016399199fd08d86698a8ce3e89fbf7c22cb7f5574cb7009d
Opcode Fuzzy Hash: 513caed045a4db0526df902e940f6b02687e0721ee3627fbbd4727eb2fb21fc4
Instruction Fuzzy Hash: A441B42271AB4680EB24CB81FD54AAAA764BB897D4F454036EE9D07BF9DF7CD1418700

Function 00007FFDFB9061E0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB9062C2

Strings

src/libavutil/tx.c, xrefs: 00007FFDFB906297, 00007FFDFB906312
dual_stride <= basis, xrefs: 00007FFDFB906321
!dual_stride || !(dual_stride & (dual_stride - 1)), xrefs: 00007FFDFB9062A6
Assertion %s failed at %s:%d, xrefs: 00007FFDFB9062B2

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: !dual_stride || !(dual_stride & (dual_stride - 1))$Assertion %s failed at %s:%d$dual_stride <= basis$src/libavutil/tx.c
API String ID: 4206212132-1907613106
Opcode ID: b2d68d41104b27e6dcc2f546f5ee05c62e4ee261660e14a4176fa03e21371bc5
Instruction ID: 9990a19c1faef95be7940b0c632716704901de153855ef613e6e0ec7fab6f323
Opcode Fuzzy Hash: b2d68d41104b27e6dcc2f546f5ee05c62e4ee261660e14a4176fa03e21371bc5
Instruction Fuzzy Hash: 0131AA36B0E68787E3648F64A850FAA76A1FB48394F544135EAAD43BE8DF7CD144CB00

Function 00007FFE1A4FAEC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 67COMMON

Download Yara Rule

APIs

av_log.AVUTIL-58 ref: 00007FFE1A4FAF42
abort.MSVCRT ref: 00007FFE1A4FAF47

Strings

src/libswresample/swresample.c, xrefs: 00007FFE1A4FAF1C
s->out_sample_rate == s->in_sample_rate, xrefs: 00007FFE1A4FAF23
Assertion %s failed at %s:%d, xrefs: 00007FFE1A4FAF33

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_log
String ID: Assertion %s failed at %s:%d$s->out_sample_rate == s->in_sample_rate$src/libswresample/swresample.c
API String ID: 208496458-2566888546
Opcode ID: 6f075df65b6eed603a674aefd9f5f2e9a38cef1fcc3b0318237051135531fcf6
Instruction ID: 6d6fd46ad6c53d1adf2419c89914c00051f5a673e2a80be7fde80d5550c24053
Opcode Fuzzy Hash: 6f075df65b6eed603a674aefd9f5f2e9a38cef1fcc3b0318237051135531fcf6
Instruction Fuzzy Hash: 0F218261F0EB4285EA258B2E94443B927A0EF85F29F5452F6D60C4A7F4CF3CE552C610

Function 00007FFDFB8EE750 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8EE792

Strings

ntsc, xrefs: 00007FFDFB8EE76B
none, xrefs: 00007FFDFB8EE755

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: none$ntsc
API String ID: 1004003707-2486863473
Opcode ID: 6b738e6fadc790c156b69ca33ae2bb0c185686464ba8ef256ca71794a6c641fc
Instruction ID: 61147d194290af26c49a060464518ca21cd46bd392aa77cefce97413b57852e4
Opcode Fuzzy Hash: 6b738e6fadc790c156b69ca33ae2bb0c185686464ba8ef256ca71794a6c641fc
Instruction Fuzzy Hash: B5112962F1A25391F7644F69EC50AB66790AB88BE9F484031DE6C4B3FCDE6CE441C340

Function 00007FFDFB979780 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FFDFB9797D6
_ultoa.MSVCRT ref: 00007FFDFB9797E9
OutputDebugStringA.KERNEL32 ref: 00007FFDFB97982D
abort.MSVCRT ref: 00007FFDFB979833

Strings

Error cleaning up spin_keys for thread , xrefs: 00007FFDFB9797BE

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentDebugOutputStringThread_ultoaabort
String ID: Error cleaning up spin_keys for thread
API String ID: 4191895893-2906507043
Opcode ID: 81378f2af0811eeb7f04898ebd31de8b15f56f487cc7d9f9e4b7e3e7059bb688
Instruction ID: 0908614a1ea35cd465a86ed9b6ed604be43691149ab483d4ba922cd59daddccd
Opcode Fuzzy Hash: 81378f2af0811eeb7f04898ebd31de8b15f56f487cc7d9f9e4b7e3e7059bb688
Instruction Fuzzy Hash: F211E262B0E64391FB604728F424BB92BD1EF46764FA44671DA7C4A7F8DE2CE845C301

Function 00007FFE1A542780 Relevance: 7.7, APIs: 5, Instructions: 200synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FFE1A542829

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ObjectSingleWait
String ID:
API String ID: 24740636-0
Opcode ID: 128c7c0c7c4041ad80a73ece8c7e6e0e6db133071bd0854d49eb70ad7e1cdf79
Instruction ID: 53660ace3dde3eb20a534c63f863790842d20515c47f09672ca4f39dc88bb2bc
Opcode Fuzzy Hash: 128c7c0c7c4041ad80a73ece8c7e6e0e6db133071bd0854d49eb70ad7e1cdf79
Instruction Fuzzy Hash: EE915222B0CF5686E7718B27940037E72A0AF86BB4F5542BADE5D862E5FF78E4418740

Function 00007FFDFB9778B0 Relevance: 7.7, APIs: 5, Instructions: 180synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FFDFB977957

Part of subcall function 00007FFDFB978840: WaitForMultipleObjects.KERNEL32 ref: 00007FFDFB9788B4

ResetEvent.KERNEL32 ref: 00007FFDFB977917
WaitForSingleObject.KERNEL32 ref: 00007FFDFB977998

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Wait$ObjectSingle$EventMultipleObjectsReset
String ID:
API String ID: 654736092-0
Opcode ID: 34fbc9e2f4b500ec35d71564d19f70a292e06c702ea4cefd25497b8e02179aaa
Instruction ID: e7e2a8f6c19987ee95271c281e5e7ef05e38f9565535299870e077f0aee7565a
Opcode Fuzzy Hash: 34fbc9e2f4b500ec35d71564d19f70a292e06c702ea4cefd25497b8e02179aaa
Instruction Fuzzy Hash: 40514921F0B50381FBA55226B962F7B41D1FF80798F790532DD6E822FAED6CE9818201

Function 00007FFDFB978970 Relevance: 7.6, APIs: 5, Instructions: 102threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FFDFB9789B0

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 64ab8e10bfe97489d8a8b5c547ce0e4a8904eff289fa1a41a4582324bccb7b1a
Instruction ID: f2714e1f075f4319a83a05b7a482c06c08ceba01cb2e49b829940c4396ca4b2d
Opcode Fuzzy Hash: 64ab8e10bfe97489d8a8b5c547ce0e4a8904eff289fa1a41a4582324bccb7b1a
Instruction Fuzzy Hash: 0A31E833B0611346FB568B16B9A9F7A26D4EF403A0F254535DE2C862E9EE7CDC81C341

Function 00007FFE1A529FA4 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FFE1A52A01D
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A03F
DName::DName.LIBVCRUNTIME ref: 00007FFE1A52A052
DName::DName.LIBVCRUNTIME ref: 00007FFE1A52A089
DName::DName.LIBVCRUNTIME ref: 00007FFE1A52A094

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::$Name::operator+
String ID:
API String ID: 826178784-0
Opcode ID: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
Instruction ID: 51dae45fd3e4a8ec7c38475de939305eabf78f72527b453c495ba15e69626027
Opcode Fuzzy Hash: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
Instruction Fuzzy Hash: C2413622B0DE56C8EB10CBA2D8801F937A6BB5AFA0B5440F7DA4D537A5DF38E955C300

Function 00007FFDFB8EA167 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 72stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFDFB8E99A4

Strings

false, xrefs: 00007FFDFB8EA180
%-15s , xrefs: 00007FFDFB8E99B0
auto, xrefs: 00007FFDFB8EA16A
true, xrefs: 00007FFDFB8EA179

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $auto$false$true
API String ID: 1004003707-1025821387
Opcode ID: fb3527bd10113371e98a9a1ec61775ec9984070070ae132d8b4dc0cee117fe9d
Instruction ID: 5fc0df797176868e49378750614f9ce124320061e80dc369a9a77ea1ab19ee02
Opcode Fuzzy Hash: fb3527bd10113371e98a9a1ec61775ec9984070070ae132d8b4dc0cee117fe9d
Instruction Fuzzy Hash: 7B315B71B2A78396EB689B91E560AFA2361FF80784F440032DA6D47AE9DF7CF450C740

Function 00007FFE1A5039E6 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

av_channel_layout_subset.AVUTIL-58 ref: 00007FFE1A503A11
av_channel_layout_subset.AVUTIL-58 ref: 00007FFE1A503A2C
av_channel_layout_subset.AVUTIL-58 ref: 00007FFE1A503A47
av_channel_layout_subset.AVUTIL-58 ref: 00007FFE1A503A62
av_channel_layout_subset.AVUTIL-58 ref: 00007FFE1A503A81

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_subset
String ID:
API String ID: 2965862492-0
Opcode ID: ffdd762dd7e7d539b56224ab97a8e7a7bb2a5354903c6b430eecf0b001850afc
Instruction ID: 5846351ee5f6b0306eb30b87e75b23fc6c18d1660444d7080fc36070a82fb7c7
Opcode Fuzzy Hash: ffdd762dd7e7d539b56224ab97a8e7a7bb2a5354903c6b430eecf0b001850afc
Instruction Fuzzy Hash: 0F118B44B5FB0280FE555A26425633E12C25F87FB0F5888FACA0E0A3D6EE2CE904C210

Function 00007FFDFB977400 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFDFB977418
ReleaseSemaphore.KERNEL32 ref: 00007FFDFB977446
LeaveCriticalSection.KERNEL32 ref: 00007FFDFB977453
LeaveCriticalSection.KERNEL32 ref: 00007FFDFB977473
LeaveCriticalSection.KERNEL32 ref: 00007FFDFB977498

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$Leave$EnterReleaseSemaphore
String ID:
API String ID: 2813224205-0
Opcode ID: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
Instruction ID: 021b29ba4a2d4bed8407c5c7b2d74f39bd7c1ac55e551d8076b5da1b3f17f2ee
Opcode Fuzzy Hash: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
Instruction Fuzzy Hash: 4D01F963F0611742E7458B277CA5A75A281BF997A6F948976CD2D427E4DD3CD8C28300

Function 00007FFE1A545BA0 Relevance: 7.5, APIs: 5, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FFE1A545BAC
OpenProcess.KERNEL32 ref: 00007FFE1A545BC0
GetLastError.KERNEL32 ref: 00007FFE1A545BCB
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A545BE1
CloseHandle.KERNEL32 ref: 00007FFE1A545BF7

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Process$CloseCurrentErrorHandleLastOpen_errno
String ID:
API String ID: 202612177-0
Opcode ID: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
Instruction ID: dead99281fa9b6d0fa0af43d34ae81b72817db5151e18952330261f7270ec2ea
Opcode Fuzzy Hash: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
Instruction Fuzzy Hash: A9F05E61B1DA0242FB295BB3A4943342190AF4AF35F4440FECA2E867A0FE2C68858310

Function 00007FFDFB8D4910 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 306stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8D494B
_aligned_free.MSVCRT ref: 00007FFDFB8D4E0E

Strings

Invalid chars '%s' at the end of expression '%s', xrefs: 00007FFDFB8D4A7D
d, xrefs: 00007FFDFB8D49CB

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_freestrlen
String ID: Invalid chars '%s' at the end of expression '%s'$d
API String ID: 1887580107-3215087449
Opcode ID: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
Instruction ID: 1651ec12c8e2c22abe374865c745da6a0b87b6a34963d41342b528a3d4c814e6
Opcode Fuzzy Hash: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
Instruction Fuzzy Hash: 13E12C2672AA4781DB10EB16E4A0AAA6770FFC9B90F140132EB9D477FADF39D441C740

Function 00007FFE1A4F3C60 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 204COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFE1A4F3EFB

Strings

ctx->channels == out->ch_count, xrefs: 00007FFE1A4F3ED7
Assertion %s failed at %s:%d, xrefs: 00007FFE1A4F3EE7
src/libswresample/audioconvert.c, xrefs: 00007FFE1A4F3ED0

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$ctx->channels == out->ch_count$src/libswresample/audioconvert.c
API String ID: 4206212132-1145592257
Opcode ID: 866e3859ebfbb8229919b961fbf36017d54387b83d359a5ec9b00af1929c4d7d
Instruction ID: b756c5bb4a4253a454f44f99d52ac0cef583bee1be247e0a57d60110a0ffaf24
Opcode Fuzzy Hash: 866e3859ebfbb8229919b961fbf36017d54387b83d359a5ec9b00af1929c4d7d
Instruction Fuzzy Hash: 2F611332B19A4682EA64CB0BD044BBA7351FF54FA6F05A1B6CE2D077A4EE3CF4508700

Function 00007FFE1A4FAFA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 193COMMON

Download Yara Rule

Strings

compensating audio timestamp drift:%f compensation:%d in:%d, xrefs: 00007FFE1A4FB181
Failed to compensate for timestamp delta of %f, xrefs: 00007FFE1A4FB250

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Failed to compensate for timestamp delta of %f$compensating audio timestamp drift:%f compensation:%d in:%d
API String ID: 0-3137371971
Opcode ID: 9453577323ccaac385d38161161e3fdd902f05c07b8afe89a999298048375f23
Instruction ID: 919c7c0880b2ea3fcbf511ac17879938124332db89d5b9757ca204d3a3bf1069
Opcode Fuzzy Hash: 9453577323ccaac385d38161161e3fdd902f05c07b8afe89a999298048375f23
Instruction Fuzzy Hash: EE711A22F18F9A89E6128F3B95053B95264AF57FD5F0DD3B3DD0D263A4DF38A9528200

Function 00007FFE1A524044 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A526710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A52239E), ref: 00007FFE1A52671E

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A5241C3

Strings

csm, xrefs: 00007FFE1A524093
, xrefs: 00007FFE1A524114
csm, xrefs: 00007FFE1A5241FD

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: $csm$csm
API String ID: 4206212132-1512788406
Opcode ID: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
Instruction ID: 86577e43a63b351a4afc586beed9ffc01bc5ca9040e8859c12bbba9fb76ff9df
Opcode Fuzzy Hash: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
Instruction Fuzzy Hash: D971923660CA91C6D7648BA2D4407B97FB2FB46FA4F0481B7EF4D07AA6CB28D491C741

Function 00007FFDFB9015C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 122COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB901747

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFDFB901733
nb_jobs > 0, xrefs: 00007FFDFB901723
src/libavutil/slicethread.c, xrefs: 00007FFDFB90171C

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$nb_jobs > 0$src/libavutil/slicethread.c
API String ID: 4206212132-1031856425
Opcode ID: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
Instruction ID: 8166d3d74a71c78f03f907fc5b2e77c1a91fd629cf3880120828cfe648381d13
Opcode Fuzzy Hash: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
Instruction Fuzzy Hash: 4741C637B0660286EB24CF26E850A6A77A1FB84B98F5C8135DE5D036A8DF3DE442C740

Function 00007FFDFB8C5FB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8C5FC9
strspn.MSVCRT ref: 00007FFDFB8C6030
strspn.MSVCRT ref: 00007FFDFB8C60B6

Strings

, xrefs: 00007FFDFB8C5FEA, 00007FFDFB8C60A3

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strspn$strlen
String ID:
API String ID: 697951671-596783616
Opcode ID: c2f3e75c8f79a9c271b989593eea45416c26161b9ab45691b9c7843e23effee5
Instruction ID: 6529ce789c8628fb1e252f4d57388c30d4f2e7d5bca6b04864f93f30f0174d3b
Opcode Fuzzy Hash: c2f3e75c8f79a9c271b989593eea45416c26161b9ab45691b9c7843e23effee5
Instruction Fuzzy Hash: 433173D1B1E29350EF964B115E20A795AA25F85BC8F488472DE7D6B2EECE2DE4428301

Function 00007FFDFB8E8990 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FFDFB8E8A4A

Strings

Unable to parse option value "%s" as %s, xrefs: 00007FFDFB8E8A79
Value %d for parameter '%s' out of %s format range [%d - %d], xrefs: 00007FFDFB8E8ADA
none, xrefs: 00007FFDFB8E89B2

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: Unable to parse option value "%s" as %s$Value %d for parameter '%s' out of %s format range [%d - %d]$none
API String ID: 76114499-2908652078
Opcode ID: 3dc9da589c42dd02856a593b1258d03a0b292f87372d4db75a7a8f83acead3ae
Instruction ID: 6e5815f02fa47af6ec48967329570fc7c82d9e15c9a911f379666e0bff55015b
Opcode Fuzzy Hash: 3dc9da589c42dd02856a593b1258d03a0b292f87372d4db75a7a8f83acead3ae
Instruction Fuzzy Hash: BF310962B1EA8345E7658B71A820AAE6251ABC17E8F144331ED7D536FCDF3CD4408701

Function 00007FFE1A52A714 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FFE1A52A778

Strings

%lf, xrefs: 00007FFE1A52A7BE

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::
String ID: %lf
API String ID: 1333004437-2891890143
Opcode ID: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
Instruction ID: 97e20e806bd1a4f9f482ba13a666b34c9380a6245b2b6523d7ca5ef4bed5ebc0
Opcode Fuzzy Hash: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
Instruction Fuzzy Hash: 63318222B0CE85C5EA20CB66B85027A6361FB86F94F5481F7EA9D47665CF3CD505C740

Function 00007FF7E74D2990 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

avformat_new_stream.AVFORMAT-60(?,?,?,00007FF7E74D12F1), ref: 00007FF7E74D29AD
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF7E74D12F1), ref: 00007FF7E74D29C0
fprintf.MSPDB140-MSVCRT ref: 00007FF7E74D29D3

Part of subcall function 00007FF7E74D2320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF7E74D29D8,?,?,?,00007FF7E74D12F1), ref: 00007FF7E74D2357

Strings

Couldn't create stream for encoder '%s', xrefs: 00007FF7E74D29C9

Memory Dump Source

Source File: 0000000A.00000002.1869547646.00007FF7E74D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7E74D0000, based on PE: true

Associated: 0000000A.00000002.1869530177.00007FF7E74D0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869595077.00007FF7E74D5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869613697.00007FF7E74D6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000A.00000002.1869636249.00007FF7E74D9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff7e74d0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintfavformat_new_streamfprintf
String ID: Couldn't create stream for encoder '%s'
API String ID: 306180413-3485626053
Opcode ID: 97d36ac62344db8522675eb32487dc47749b1acbad2880230df25e82e6eb689d
Instruction ID: ece4914b2c24cc790d342dbc8a37a0030216aba821a60662737a14b162e78678
Opcode Fuzzy Hash: 97d36ac62344db8522675eb32487dc47749b1acbad2880230df25e82e6eb689d
Instruction Fuzzy Hash: 31F06272B19B8181EA84DB16F491169B760FB8DBD0B89D036EF5D03719DE3CD556CB00

Function 00007FFDFB8DD880 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FFDFB8DD8AF

Strings

Using CUDA primary device context, xrefs: 00007FFDFB8DD8E0
primary_ctx, xrefs: 00007FFDFB8DD889
Disabling use of CUDA primary device context, xrefs: 00007FFDFB8DD8B8

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: Disabling use of CUDA primary device context$Using CUDA primary device context$primary_ctx
API String ID: 76114499-1919470267
Opcode ID: 3c091e27e2dbc98c8e65e12db3f15324b02cb9e40d48561a3b36329f0690444e
Instruction ID: 9b8da95a43497ce93ab342f2b3affbbed700549d974a281c76f505daeacdf91b
Opcode Fuzzy Hash: 3c091e27e2dbc98c8e65e12db3f15324b02cb9e40d48561a3b36329f0690444e
Instruction Fuzzy Hash: 60F03655F2A60350FB54A76AA831FB913405FC9791FD06932DC2D4A7F9DD2CE445C340

Function 00007FFE1A522400 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A526710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A52239E), ref: 00007FFE1A52671E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A52243E

Strings

RCC, xrefs: 00007FFE1A522410
csm, xrefs: 00007FFE1A522420
MOC, xrefs: 00007FFE1A522418

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortterminate
String ID: MOC$RCC$csm
API String ID: 661698970-2671469338
Opcode ID: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
Instruction ID: 6c9b61b40c19ec7c5ae3a23bcc49e1935a54955d17067e92f9ba712d929e5c32
Opcode Fuzzy Hash: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
Instruction Fuzzy Hash: C7F03C3AA1CA86C1EB505FA2A18107D3676FB89FA0F0950F3D74906662CF7CD4A0C651

Function 00007FFDFB8C9960 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8C99A4

Strings

buf, xrefs: 00007FFDFB8C9980
src/libavutil/buffer.c, xrefs: 00007FFDFB8C9979
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8C9990

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$buf$src/libavutil/buffer.c
API String ID: 4206212132-2693306993
Opcode ID: 6a1729c8ae82779914f64dfb9c10cf82327e2bfa5a8fbcb130779104fee64848
Instruction ID: ce5e8dd60dc07fab81b4cb6a57a6db8e6471ebce604fddf0f2945c4274fda336
Opcode Fuzzy Hash: 6a1729c8ae82779914f64dfb9c10cf82327e2bfa5a8fbcb130779104fee64848
Instruction Fuzzy Hash: 8BE06DA1B1AB4780EF149F65E8208E927A0EF88744FD48036DA6C033F8DF3CE105C604

Function 00007FFDFB8E7500 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8E752F

Strings

src/libavutil/mem.c, xrefs: 00007FFDFB8E7504
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8E7516
val || !min_size, xrefs: 00007FFDFB8E750F

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$src/libavutil/mem.c$val || !min_size
API String ID: 4206212132-3343232236
Opcode ID: 9f2d832eee8a386a6791954090d46eb0d2479cb7aefd3148675639f8814a35ca
Instruction ID: 6a4e9dcc6333d0ccb5fc1177ef05a1bb4784895f44139c2dfb74a3db51d45a26
Opcode Fuzzy Hash: 9f2d832eee8a386a6791954090d46eb0d2479cb7aefd3148675639f8814a35ca
Instruction Fuzzy Hash: CEE04661A0BB4381EB18AF50A824AF937A4FB89308F954236D46E16AB8CF3CE1058744

Function 00007FFDFB8D55A0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 12COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8D55CF

Strings

Assertion %s failed at %s:%d, xrefs: 00007FFDFB8D55B6
cur_size >= size, xrefs: 00007FFDFB8D55AF
src/libavutil/fifo.c, xrefs: 00007FFDFB8D55A4

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$cur_size >= size$src/libavutil/fifo.c
API String ID: 4206212132-2007657860
Opcode ID: 88a5e5efd281f7ab3c7b4b2a72e72c85cd5da5ff7f8b021ecd333fd393f9dcb8
Instruction ID: 267e952129f9b6ee796a93447c8e16edd027dc1900928e28282d812eb37238d8
Opcode Fuzzy Hash: 88a5e5efd281f7ab3c7b4b2a72e72c85cd5da5ff7f8b021ecd333fd393f9dcb8
Instruction Fuzzy Hash: 5DD0E272B1AE4794E715EF60A831AE967A1EB89304FD08536D56D022B9CF3CE209C604

Function 00007FFE1A529CC0 Relevance: 6.2, APIs: 4, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C459
Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C492
Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A529E19
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A529E78
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A529EAA
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A529EBA

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
Instruction ID: 0d18410716d5f0e493f7eeae526e1288950ba66d058a97b3b3bbf19dbbac5bb5
Opcode Fuzzy Hash: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
Instruction Fuzzy Hash: 21914922F0CA96C9F7118BA2D8403BC2BB2BB46BA4F5440F7DA4D577A5DF78A845C350

Function 00007FFE1A52A44C Relevance: 6.1, APIs: 4, Instructions: 134COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FFE1A52A4F1
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A501
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A51E
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52A553

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID:
API String ID: 168861036-0
Opcode ID: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
Instruction ID: 9d6bfd9ee1b5691ca247e3d6e0e086f65cdea2892ce8a1fb7047e3b9835909bd
Opcode Fuzzy Hash: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
Instruction Fuzzy Hash: FC513A72F1CE5689EB11CBA2E8403BD37A2BB96B64F5440F3DA0E476A5DF39A441C740

Function 00007FFE1A543BE0 Relevance: 6.1, APIs: 4, Instructions: 126synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FFE1A543C3E
ResetEvent.KERNEL32 ref: 00007FFE1A543C8E
WaitForSingleObject.KERNEL32 ref: 00007FFE1A543D0F

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ObjectSingleWait$EventReset
String ID:
API String ID: 466820088-0
Opcode ID: 23d1a419ce0311e38330c9e7fff77312c1ba9e2a20c5924deb88d3609af00be2
Instruction ID: e01b9c2fc7e47c062d20ddc4cbfe664420563e8b2ed226077e24b72690913a75
Opcode Fuzzy Hash: 23d1a419ce0311e38330c9e7fff77312c1ba9e2a20c5924deb88d3609af00be2
Instruction Fuzzy Hash: 64414232B1CE4182EB55DF22E4402B97761EF85FA4F4840BADB4D476AAEF38D445DB40

Function 00007FFE1A4F1010 Relevance: 6.1, APIs: 4, Instructions: 124sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FFE1A4F105D
_amsg_exit.MSVCRT ref: 00007FFE1A4F1086

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Sleep_amsg_exit
String ID:
API String ID: 1015461914-0
Opcode ID: b553eb0038be5d07e6e415a4f5416fb2498995f0916b4543aad5407793640784
Instruction ID: b6334e03f5a24a1ec5049b449bc5c019537b05ab1755a508d205448730cd4471
Opcode Fuzzy Hash: b553eb0038be5d07e6e415a4f5416fb2498995f0916b4543aad5407793640784
Instruction Fuzzy Hash: 24414C22B0DA4285F6524B1FEA503B922A5AB8AFB1F4450F7CE0C473B5DE2DE8918300

Function 00007FFDFB8C1010 Relevance: 6.1, APIs: 4, Instructions: 124sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FFDFB8C105D
_amsg_exit.MSVCRT ref: 00007FFDFB8C1086

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Sleep_amsg_exit
String ID:
API String ID: 1015461914-0
Opcode ID: 3224bf86eb5cef696b33d2aba6a83138660028b8981cd15249a10f7ce29e597b
Instruction ID: b438eb01c644cc03dcc6961d4fc2eda778038a51badd02beea6b8ef6967916f2
Opcode Fuzzy Hash: 3224bf86eb5cef696b33d2aba6a83138660028b8981cd15249a10f7ce29e597b
Instruction Fuzzy Hash: 48414AB2B1B54385F752AB16ECA1A7926A5AF84B90F545433DD3C473F9DE3CE9818300

Function 00007FFDFB8C66B0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8C66D8
strchr.MSVCRT ref: 00007FFDFB8C670F
strlen.MSVCRT ref: 00007FFDFB8C67FB

Strings

ALL, xrefs: 00007FFDFB8C66F8

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchr
String ID: ALL
API String ID: 3013107155-2914988887
Opcode ID: fcefe4586e90ed2a4975fb323870bf9105dc7dc9ba43fdb0f7cef785815bcb23
Instruction ID: 98e8e5c4d9c6b768d6389cbd7a984e2da3fda18f20e50ee997f4f9e738359f7a
Opcode Fuzzy Hash: fcefe4586e90ed2a4975fb323870bf9105dc7dc9ba43fdb0f7cef785815bcb23
Instruction Fuzzy Hash: 9831D6D6B2B16780FF66CB316E24F7909D21B85780F684932CD2917AEDDE6C98868300

Function 00007FFE1A541CF0 Relevance: 6.1, APIs: 4, Instructions: 102threadCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE1A541D5C
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A541DDB
ResumeThread.KERNEL32 ref: 00007FFE1A541E0A

Part of subcall function 00007FFE1A5456D0: CloseHandle.KERNEL32 ref: 00007FFE1A545775
Part of subcall function 00007FFE1A5456D0: CloseHandle.KERNEL32 ref: 00007FFE1A545785

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE1A541E42

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseHandle$ResumeThread_beginthreadexfreemalloc
String ID:
API String ID: 1141387253-0
Opcode ID: 66f779a04675420d10c3e0e1a40261c3780ffcd5451449fc6e1faf9f36e06287
Instruction ID: cb1baf749ba0d49463cf62051b021121d6629d0575ce8f39cbc0fff0237fd9ff
Opcode Fuzzy Hash: 66f779a04675420d10c3e0e1a40261c3780ffcd5451449fc6e1faf9f36e06287
Instruction Fuzzy Hash: 6C41B432B0CF8186E7618F12A4002BA77A0FB95B64F5451BAEE8D07760EF38D551C740

Function 00007FFE1A541AE0 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ed3023e85355d8c7d662a5ea9ebd51d1dc57e461f8a813a7e81e918f6af5b3
Instruction ID: 1d9a75257c7bd92be71547b6db250c58561fc531083ec078b11f199cd80110cb
Opcode Fuzzy Hash: a5ed3023e85355d8c7d662a5ea9ebd51d1dc57e461f8a813a7e81e918f6af5b3
Instruction Fuzzy Hash: 9B413772B0CF0282EA159B22A84013933A1BF86F64B5984FADA4D477A5FF3CE855C600

Function 00007FFE1A541790 Relevance: 6.1, APIs: 4, Instructions: 96threadsynchronizationinjectionCOMMON

Download Yara Rule

APIs

SuspendThread.KERNEL32 ref: 00007FFE1A541845
WaitForSingleObject.KERNEL32 ref: 00007FFE1A541850
ResumeThread.KERNEL32 ref: 00007FFE1A54188E

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Thread$ObjectResumeSingleSuspendWait
String ID:
API String ID: 879609812-0
Opcode ID: e0952a9e7b9d2dd58eff9cf88d52fd7236f715f562f819b9b31cf785f32f6f21
Instruction ID: 0547fc4c226998a7ca2916a1ad65a3f4fa34e055f58d935751c171dee83c4983
Opcode Fuzzy Hash: e0952a9e7b9d2dd58eff9cf88d52fd7236f715f562f819b9b31cf785f32f6f21
Instruction Fuzzy Hash: 21417132B0CA8592E7218B26D0403B973B1FB95F68F5440B6DB4D476A6EF3CE985CB40

Function 00007FFDFB976900 Relevance: 6.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

IsDBCSLeadByteEx.KERNEL32 ref: 00007FFDFB97695A
MultiByteToWideChar.KERNEL32 ref: 00007FFDFB97699A

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Byte$CharLeadMultiWide
String ID:
API String ID: 2561704868-0
Opcode ID: 1a996603528365f6f637cd234a293156ba757802906f7287cb03bbb997d6b298
Instruction ID: 1aebfb71f347ebd747abc5d97085a4e97103277f714e48d063ff2343fe9d92fa
Opcode Fuzzy Hash: 1a996603528365f6f637cd234a293156ba757802906f7287cb03bbb997d6b298
Instruction Fuzzy Hash: 9831A5B2B0D28286EB608F24B820B6D76D0FB95794F648135DAB8477EDDF3DD5848B00

Function 00007FFE1A52C87C Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C459
Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C492
Part of subcall function 00007FFE1A52C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C8F7
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C906
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C982
DName::operator+.LIBVCRUNTIME ref: 00007FFE1A52C991

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
Instruction ID: f88377882646e83e3aad436ae60234deaba76799816dbdbbe92bb2de32abe4a6
Opcode Fuzzy Hash: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
Instruction Fuzzy Hash: 6C416772A08F85C9E701CFA5E8413BC37A0BB86B68F5480A6DA4D5776ADF789441C310

Function 00007FFDFB97BF60 Relevance: 6.1, APIs: 4, Instructions: 84timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFDFB97BF93
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFDFB97BFF9
_errno.MSVCRT ref: 00007FFDFB97C056
_errno.MSVCRT ref: 00007FFDFB97C083

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Time$FileSystem_errno
String ID:
API String ID: 3586254970-0
Opcode ID: 49a1365162b2beb6e2a3ccfb8f5b0d34ed3bda1431d8c2c1350c42e5770df44f
Instruction ID: b33c9f5868c442ef30d866c77ff7962bcf8cab3ccdcf5633926ead741ddebcf1
Opcode Fuzzy Hash: 49a1365162b2beb6e2a3ccfb8f5b0d34ed3bda1431d8c2c1350c42e5770df44f
Instruction Fuzzy Hash: 5D31A272B0A64B86EF549B25EA1057963E1EB95B94F288231DD2D47BF8EE3CE4018240

Function 00007FFE1A542670 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 199528771ef270659c4c603ab843dedc8cd56cbcb61e71196821b80f414cc4d2
Instruction ID: 91e79bc74a201c23cb3988afbe7e036717f8ed9af1738e7f6fbee04086070714
Opcode Fuzzy Hash: 199528771ef270659c4c603ab843dedc8cd56cbcb61e71196821b80f414cc4d2
Instruction Fuzzy Hash: 86313A76B09F6186EB698F16E44023C77A4EB49FA4B5980BADB4C43764EF38E850C740

Function 00007FFDFB97B1F0 Relevance: 6.1, APIs: 4, Instructions: 69synchronizationCOMMON

Download Yara Rule

APIs

GetHandleInformation.KERNEL32 ref: 00007FFDFB97B221

Part of subcall function 00007FFDFB979840: TlsGetValue.KERNEL32 ref: 00007FFDFB97985D

WaitForSingleObject.KERNEL32 ref: 00007FFDFB97B27E
CloseHandle.KERNEL32(?,?,?,-00000028,?,00007FFDFB9017F6), ref: 00007FFDFB97B290
CloseHandle.KERNEL32(?,?,?,-00000028,?,00007FFDFB9017F6), ref: 00007FFDFB97B29C

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Handle$Close$InformationObjectSingleValueWait
String ID:
API String ID: 3336430066-0
Opcode ID: 549c524895db14aa5244f77738d71316e65da89358fac4c80a16bd5f07bf5018
Instruction ID: 124a010cb6d788af860097c34e3ee9a13ebca341393aea424f765e2dc538aa17
Opcode Fuzzy Hash: 549c524895db14aa5244f77738d71316e65da89358fac4c80a16bd5f07bf5018
Instruction Fuzzy Hash: 06212A26B0B60341FB519B61E478FBE63D4EF54BA0F680231DE3D462E8DE28D842C304

Function 00007FFDFB8E81C0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FFDFB8E822F
_aligned_malloc.MSVCRT ref: 00007FFDFB8E8249
memset.MSVCRT ref: 00007FFDFB8E825C

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free_aligned_mallocmemset
String ID:
API String ID: 881591362-0
Opcode ID: cb9fa4dfdc566d95d76ac6a2519e6b12bbd1fac9c9e4a918d491552342bc60f3
Instruction ID: 2e5e6690de4ac29756b56bd0750391a75656d3db708c933ad84e9a40bc250357
Opcode Fuzzy Hash: cb9fa4dfdc566d95d76ac6a2519e6b12bbd1fac9c9e4a918d491552342bc60f3
Instruction Fuzzy Hash: C3217FA2B1AB4385FB555F95F92077C73E1AB84BD4F448130CA6C177E8EE7C94858300

Function 00007FFDFB8F2150 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 69stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFDFB8F2184

Part of subcall function 00007FFDFB8C5DA0: strlen.MSVCRT ref: 00007FFDFB8C5DF3

strlen.MSVCRT ref: 00007FFDFB8F21AC
strcmp.MSVCRT ref: 00007FFDFB8F21FC

Part of subcall function 00007FFDFB8C66B0: strlen.MSVCRT ref: 00007FFDFB8C66D8
Part of subcall function 00007FFDFB8C66B0: strchr.MSVCRT ref: 00007FFDFB8C670F

Strings

yuv420p, xrefs: 00007FFDFB8F21DA

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchrstrcmp
String ID: yuv420p
API String ID: 3490844034-503634524
Opcode ID: 633ea0c1e1550fd14e7121fbcdf51e94ec169c277e73b1c36fc1efad037321a4
Instruction ID: cd26b9c8f0c60f1c2ef6d84fef149e9281134e12ccaa790515c45a83da17b05a
Opcode Fuzzy Hash: 633ea0c1e1550fd14e7121fbcdf51e94ec169c277e73b1c36fc1efad037321a4
Instruction Fuzzy Hash: 5921E751F2E1C301FF25AB20A431AB99A906F81B84F444235DA3D066FDDD6CE995C311

Function 00007FFE1A545E70 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFE1A541B64,?,?,?,?,?,00000002,00000000,00007FFE1A544983), ref: 00007FFE1A545F1E

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 96d3de31802f6f9abf018a6055aabe2c4eb702216a45d5bc26d38f291c6951f2
Instruction ID: 392cc00125d1e77c9b18482e779e7fd6e09709249c317092fe8e71deda148ddb
Opcode Fuzzy Hash: 96d3de31802f6f9abf018a6055aabe2c4eb702216a45d5bc26d38f291c6951f2
Instruction Fuzzy Hash: 64215E32B1CF4282F764DB22A44013A76A1AB85BA4F5445BAEB5D43BA4FF38EC15C700

Function 00007FFDFB8D05F0 Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FFDFB8D0678
_aligned_free.MSVCRT ref: 00007FFDFB8D0682
_aligned_free.MSVCRT ref: 00007FFDFB8D068C
_aligned_free.MSVCRT ref: 00007FFDFB8D0697

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
Instruction ID: f5485675b7458937fc6eae1088a833bb312a450a8fcc9c1f745283b509ca373f
Opcode Fuzzy Hash: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
Instruction Fuzzy Hash: C111E726F2770342EB5AA749E879E6A119AEFCC790F400635DE1D073E6DE389C40C384

Function 00007FFE1A5458A0 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFE1A5458C5

Part of subcall function 00007FFE1A543E30: TlsSetValue.KERNEL32 ref: 00007FFE1A543F19

_endthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A545929
_endthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A54594E

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _endthreadex$Valuefree
String ID:
API String ID: 1763976194-0
Opcode ID: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
Instruction ID: 1a9ea0f0b8d5280160501a1f7f10529c3d84216db825880996a9bbfb6a75d5bc
Opcode Fuzzy Hash: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
Instruction Fuzzy Hash: A4212172708E0182DB109F29E49017D6760E789F75B24117ADA6E477B5EF3DD895C700

Function 00007FFE1A545CF0 Relevance: 6.1, APIs: 4, Instructions: 52sleepCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FFE1A541BA8,?,?,?,?,?,00000002,00000000,00007FFE1A544983), ref: 00007FFE1A545D3C

Part of subcall function 00007FFE1A542F10: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,00000018,00007FFE1A5425B8), ref: 00007FFE1A542FFF

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFE1A541BA8,?,?,?,?,?,00000002,00000000,00007FFE1A544983), ref: 00007FFE1A545D54
Sleep.KERNEL32(?,?,?,00007FFE1A541BA8,?,?,?,?,?,00000002,00000000,00007FFE1A544983), ref: 00007FFE1A545D92
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE1A541BA8,?,?,?,?,?,00000002,00000000,00007FFE1A544983), ref: 00007FFE1A545DA9

Memory Dump Source

Source File: 0000000A.00000002.1880945314.00007FFE1A541000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A540000, based on PE: true

Associated: 0000000A.00000002.1880927238.00007FFE1A540000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880971811.00007FFE1A548000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.1880989606.00007FFE1A54C000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a540000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseEventHandleSleep_errnofree
String ID:
API String ID: 1909294951-0
Opcode ID: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
Instruction ID: 3bef3adf3213e7844fc28f0f703f349e1c0a2019fdc7e6ffb33ef566e2def6fe
Opcode Fuzzy Hash: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
Instruction Fuzzy Hash: 8A114F2170CE5382EA249F23E44427E6260EF46F64F9444FADA5E46AB5EF3CE945C740

Function 00007FFE1A524710 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A526710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A52239E), ref: 00007FFE1A52671E

_CreateFrameInfo.LIBVCRUNTIME ref: 00007FFE1A5247E6
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A524844

Strings

csm, xrefs: 00007FFE1A5248EA

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CreateFrameInfo
String ID: csm
API String ID: 2697087660-1018135373
Opcode ID: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
Instruction ID: 0c0a57cd4882c80cc97185911098a9c452a4fa8752e79d79c56e5f85769aa219
Opcode Fuzzy Hash: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
Instruction Fuzzy Hash: AD51197661CB81C6D6209B56A04027E77B6FB8AFA0F1405B7DB8D07B66CF38E461CB00

Function 00007FFE1A529BAC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FFE1A529CAA

Strings

void, xrefs: 00007FFE1A529C0C
void , xrefs: 00007FFE1A529C34

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: void$void
API String ID: 2943138195-3746155364
Opcode ID: ff67bb32e799e4a453516f5f2b265aba841f0c9d9f12838b8a28f15594d75a10
Instruction ID: 34076ebcd83ada1703b2892f2d7f77867f532adeab1ef965b22af1125e5c300f
Opcode Fuzzy Hash: ff67bb32e799e4a453516f5f2b265aba841f0c9d9f12838b8a28f15594d75a10
Instruction Fuzzy Hash: 83311562F18E55C8FB008BA2E8810FC37B1BB89B98B4405B7DA4D63B69DF389144C750

Function 00007FFE1A502EC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1A502F3C

Strings

cos, xrefs: 00007FFE1A502F4A, 00007FFE1A502F9C

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: cos
API String ID: 2918714741-2662988677
Opcode ID: 3dedc7b003d8cb5d8982c9379cb08930f2b1518781c78ce34f340fed2c860ab8
Instruction ID: 355aaeee42c24679f89b9dced5fafcb78b39770a24c479f14b8907b2d2a0d297
Opcode Fuzzy Hash: 3dedc7b003d8cb5d8982c9379cb08930f2b1518781c78ce34f340fed2c860ab8
Instruction Fuzzy Hash: B2212822E1CE8682EB014B35A54217F6310FFD2764F1492B6FA89115AADF2DE0D48A04

Function 00007FFDFB96D8E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFDFB96D960
_errno.MSVCRT ref: 00007FFDFB96D9C0

Strings

log, xrefs: 00007FFDFB96D97C, 00007FFDFB96D9DC

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: log
API String ID: 2918714741-2403297477
Opcode ID: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
Instruction ID: f1b229419998d3c3a1e82917d704ea4c3fc4d3825d0f2b7ea890ffc2d615a775
Opcode Fuzzy Hash: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
Instruction Fuzzy Hash: E7210562F1EA4786E7019F24A82077B6765FFD6344F20A334E9AD155FEDF2DE0808600

Function 00007FFDFB96E120 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFDFB96E19C

Strings

sin, xrefs: 00007FFDFB96E1AA, 00007FFDFB96E1FC

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: sin
API String ID: 2918714741-3083047850
Opcode ID: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
Instruction ID: 2beb50c34da5ea6f8f2137e9490b50885a8724ed94cd1c5609fa7a0fb4da5c53
Opcode Fuzzy Hash: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
Instruction Fuzzy Hash: 3F210462F0EB8682EB025B35A81027B6761FFD6304F14A334FAA9155EDDF2DE1D08700

Function 00007FFDFB96D4E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFDFB96D55C

Strings

cos, xrefs: 00007FFDFB96D56A, 00007FFDFB96D5BC

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: cos
API String ID: 2918714741-2662988677
Opcode ID: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
Instruction ID: c9cca8ef105a41da0922817a855bbff181edcb0bb652cbc99b194f265d835a52
Opcode Fuzzy Hash: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
Instruction Fuzzy Hash: 0C21F562F1EB8642FB025B34A45027B6765FFD2304F24A335FAA9155EDDF2DE0D08604

Function 00007FFDFB8CFFF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59stringCOMMON

Download Yara Rule

APIs

strftime.MSVCRT ref: 00007FFDFB8D0061

Strings

.%06dZ, xrefs: 00007FFDFB8D0092
%Y-%m-%dT%H:%M:%S, xrefs: 00007FFDFB8D0057

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strftime
String ID: %Y-%m-%dT%H:%M:%S$.%06dZ
API String ID: 1100141660-930656424
Opcode ID: 6197a247b2b8d8ceb3bdce396f44f74d54b797a4093b4ad4865344da7c3ecd53
Instruction ID: 9f3686e24f2cd32c43c0e06510463409571149cbbf5a6a433074ee3f5b02d139
Opcode Fuzzy Hash: 6197a247b2b8d8ceb3bdce396f44f74d54b797a4093b4ad4865344da7c3ecd53
Instruction Fuzzy Hash: 4311E59271AA4324EB518B167D30DE65651AB89BF4F889332ED3D5BBE9DE3CE0418240

Function 00007FFE1A52604F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A5263F0: RtlPcToFileHeader.KERNEL32 ref: 00007FFE1A526434
Part of subcall function 00007FFE1A5263F0: RaiseException.KERNEL32 ref: 00007FFE1A52647A

RtlPcToFileHeader.KERNEL32 ref: 00007FFE1A5260BF

Strings

Access violation - no RTTI data!, xrefs: 00007FFE1A52604F
Bad dynamic_cast!, xrefs: 00007FFE1A526072

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader$ExceptionRaise
String ID: Access violation - no RTTI data!$Bad dynamic_cast!
API String ID: 3685223789-3176238549
Opcode ID: d06b4d24d7aa4607bffac334420f89fbd77c373aef9fdd9199db5b082a62258c
Instruction ID: c9bc0d6e99fbf6a3fcb6c95b60c8e19185ac833101bffcf5ea95e8d1926a3201
Opcode Fuzzy Hash: d06b4d24d7aa4607bffac334420f89fbd77c373aef9fdd9199db5b082a62258c
Instruction Fuzzy Hash: 9F012965B2DE46D1EE409BA6E4501B86362FF91FA4F4054F3E60E06AB6EE6CD504C710

Function 00007FFE1A503940 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

av_channel_layout_describe.AVUTIL-58 ref: 00007FFE1A503999
av_log.AVUTIL-58 ref: 00007FFE1A5039B0

Strings

Treating %s as mono, xrefs: 00007FFE1A5039A9

Memory Dump Source

Source File: 0000000A.00000002.1880712702.00007FFE1A4F1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 0000000A.00000002.1880696125.00007FFE1A4F0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880739274.00007FFE1A509000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880758605.00007FFE1A512000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880777276.00007FFE1A513000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880794427.00007FFE1A516000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000A.00000002.1880815026.00007FFE1A517000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a4f0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_describeav_log
String ID: Treating %s as mono
API String ID: 2946648090-2429896034
Opcode ID: 25249c404e77cebffcfa5134640f119eef46f531f346a7abaed1bc42c180491e
Instruction ID: 65662f568197fd7b54e093e3491acede126232ef8027de747704011d05403085
Opcode Fuzzy Hash: 25249c404e77cebffcfa5134640f119eef46f531f346a7abaed1bc42c180491e
Instruction Fuzzy Hash: E101866271DB4540E651DA03B91977F5144B747BE8F8580B6DE885B391ED7DD149C300

Function 00007FFDFB8E7870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

_aligned_malloc.MSVCRT ref: 00007FFDFB8E7898

Strings

Microsoft Primitive Provider, xrefs: 00007FFDFB8E7872

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_malloc
String ID: Microsoft Primitive Provider
API String ID: 175129771-4132848957
Opcode ID: 61d24a781ba67f0d1d7f4682cf0f95fd41d5d8f035c987dadc3b785e5cf7c726
Instruction ID: bb08837aeb1ae5942f7f969bde5822aa58106fa8f42bbf3cafe7419b0be45712
Opcode Fuzzy Hash: 61d24a781ba67f0d1d7f4682cf0f95fd41d5d8f035c987dadc3b785e5cf7c726
Instruction Fuzzy Hash: 46F06D45F2B52700FE9A93C36821EB041915FA8BD4F484435DE2C5B7E9EC3CA881C308

Function 00007FFDFB8CDDB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FFDFB8CDEE3

Strings

src/libavutil/crc.c, xrefs: 00007FFDFB8CDEB8
Assertion %s failed at %s:%d, xrefs: 00007FFDFB8CDECF

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$src/libavutil/crc.c
API String ID: 4206212132-3600904276
Opcode ID: bba2b5a7149953d7c06390e03a8456bfcd7d5d25b4af83ad1be5f4adfa0ba47c
Instruction ID: d47c5799c8c81f700379cdf7ef6db139e7d4eb274000a17434281a88766757ca
Opcode Fuzzy Hash: bba2b5a7149953d7c06390e03a8456bfcd7d5d25b4af83ad1be5f4adfa0ba47c
Instruction Fuzzy Hash: 5CE0E5B5B0AA0791EB049F50E4616FD63A1FF48300F848136D62C063F9CF3CE2058700

Function 00007FFDFB977F10 Relevance: 5.1, APIs: 4, Instructions: 84COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFDFB977F57
LeaveCriticalSection.KERNEL32 ref: 00007FFDFB977F81

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: dbaf99fa4423a1f3adf368dfeb11cd1e5322a0253855be351de1d8e7fc337a2b
Instruction ID: ed0496ef84a2ab8e9bd0947232e03b1d4f0dfc6ab3f721754034e9e809dd83c7
Opcode Fuzzy Hash: dbaf99fa4423a1f3adf368dfeb11cd1e5322a0253855be351de1d8e7fc337a2b
Instruction Fuzzy Hash: C9314D72B1564386E7848F31A460B7A77D0FB40B6CF688236DD394A2E8DB7CD845C750

Function 00007FFDFB977DD0 Relevance: 5.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFDFB977E17
LeaveCriticalSection.KERNEL32 ref: 00007FFDFB977E3E

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 3daa023327df31125aad0ab46ab992fec0b38e9f634fe2131313756e927dbfc2
Instruction ID: 757082f6c4dcf1e9bd8a4b4559ec2089051881271c1ebba3f020f1eff0cf6264
Opcode Fuzzy Hash: 3daa023327df31125aad0ab46ab992fec0b38e9f634fe2131313756e927dbfc2
Instruction Fuzzy Hash: 4B314EB2B092038AEB55CF35E410A6937E1FB44B58F688635CD294A7ECDA3CD845CB51

Function 00007FFE1A52672C Relevance: 5.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFE1A5265B9,?,?,?,?,00007FFE1A52FB22,?,?,?,?,?), ref: 00007FFE1A52674B
SetLastError.KERNEL32(?,?,?,00007FFE1A5265B9,?,?,?,?,00007FFE1A52FB22,?,?,?,?,?), ref: 00007FFE1A5267D4

Memory Dump Source

Source File: 0000000A.00000002.1880848648.00007FFE1A521000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 0000000A.00000002.1880831686.00007FFE1A520000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880871127.00007FFE1A531000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880891439.00007FFE1A536000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.1880909384.00007FFE1A537000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffe1a520000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: c7aaac8a80d8b30c274ca3e3b7c59e83a4e0092024cc1b5b0b7c72c8c7be0031
Instruction ID: d017b552be5c6387988a1c75ae1c445d33822b93306c04ded77cae4b1b22bc72
Opcode Fuzzy Hash: c7aaac8a80d8b30c274ca3e3b7c59e83a4e0092024cc1b5b0b7c72c8c7be0031
Instruction Fuzzy Hash: 2011F124F0DA52C2FA549763A94413522A3EF86FB0F1846F7D96E07BF5DF2CA8418720

Function 00007FFDFB977B90 Relevance: 5.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977BB6
LeaveCriticalSection.KERNEL32(?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977BDB
EnterCriticalSection.KERNEL32(?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977C0C
LeaveCriticalSection.KERNEL32(?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977C16

Memory Dump Source

Source File: 0000000A.00000002.1880439396.00007FFDFB8C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFDFB8C0000, based on PE: true

Associated: 0000000A.00000002.1880421120.00007FFDFB8C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880522107.00007FFDFB985000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880541411.00007FFDFB986000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880603471.00007FFDFBAC3000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880623054.00007FFDFBAC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBAC9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880643418.00007FFDFBACC000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.1880679113.00007FFDFBACD000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 3a1490edba09e3a7becc86b2e09e5672a663190b4e9fac5deeb906d35fe4d6c1
Instruction ID: edc214e8990bb334c75c00d7fe8a81155ddfa0060d5d69b23d7bb1095eb95170
Opcode Fuzzy Hash: 3a1490edba09e3a7becc86b2e09e5672a663190b4e9fac5deeb906d35fe4d6c1
Instruction Fuzzy Hash: 5B01DF22B0A65699E625AB33BC50E3A6790BB88FD9F995431DD2E073A4CD3CE4418300

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report setup.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\6403f3.rbs

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0p2nwqev.3bl.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vacd1dsv.mvj.psm1

C:\Users\user\AppData\Local\Temp\msi3486.txt

C:\Users\user\AppData\Local\Temp\pss3499.ps1

C:\Users\user\AppData\Local\Temp\scr3497.ps1

C:\Users\user\AppData\Roaming\Microsoft\Installer\{BA2FC2FA-8AD1-483C-BAA6-EAEE13985C74}\icon_24.exe

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll

Windows Analysis Report
setup.msi

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre