Edit tour

Windows Analysis Report
setup.msi

Overview

General Information

Sample name:	setup.msi
Analysis ID:	1585365
MD5:	58861a9449b6b97f78908fcf2f2dd966
SHA1:	e449e7d4b7d13349435606bb4a4010c873a4f03b
SHA256:	6a9af7cc73f45bb3161289d467d2a1f9eab0b404feb892cbbc606118cf1e359f
Tags:	junewiener-comLegionLoadermsiRobotDropperuser-aachum
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

AI detected suspicious sample

Bypasses PowerShell execution policy

Potentially malicious time measurement code found

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Msiexec Initiated Connection

Sigma detected: Suspicious MsiExec Embedding Parent

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected AdvancedInstaller

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 5832 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 4796 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 3724 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 069AFA2E2F0926607807BC15BBC43494 MD5: 9D09DC1EDA745A5F87553048E57620CF)

powershell.exe (PID: 6548 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6500 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

obs-ffmpeg-mux.exe (PID: 7064 cmdline: "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe" MD5: D3CAC4D7B35BACAE314F48C374452D71)

conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

createdump.exe (PID: 5560 cmdline: "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe" MD5: 71F796B486C7FAF25B9B16233A7CE0CD)

conhost.exe (PID: 2128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_AdvancedInstaller	Yara detected AdvancedInstaller	Joe Security

Sigma Signatures

System Summary

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 069AFA2E2F0926607807BC15BBC43494, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 3724, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6548, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 069AFA2E2F0926607807BC15BBC43494, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 3724, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6548, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 069AFA2E2F0926607807BC15BBC43494, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 3724, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6548, ProcessName: powershell.exe

Sigma detected: Msiexec Initiated Connection

Source: Network Connection

Author: frack113: Data: DestinationIp: 188.114.97.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 3724, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49704

Sigma detected: Suspicious MsiExec Embedding Parent

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 069AFA2E2F0926607807BC15BBC43494, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 3724, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 6548, ProcessName: powershell.exe

Suricata Signatures

ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T15:24:13.747157+0100	2829202	1	A Network Trojan was detected	192.168.2.5	49704	188.114.97.3	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 83.6% probability

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}

Jump to behavior

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49704 version: TLS 1.2

Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2217109851.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: ucrtbase.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000000.2219929491.00007FF6129E5000.00000002.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2217109851.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: ucrtbase.pdbUGP source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 3bb6be.msi.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 4x nop then push rbx

11_2_00007FF8A7C646C0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.5:49704 -> 188.114.97.3:443

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: junewiener.com

Source: unknown

HTTP traffic detected: POST /updater2.php HTTP/1.1Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: AdvancedInstallerHost: junewiener.comContent-Length: 71Cache-Control: no-cache

Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: powershell.exe, 00000004.00000002.2160252933.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0K
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000B.00000002.2222164846.00007FF8A4BAB000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://dashif.org/guidelines/trickmode
Source: powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: powershell.exe, 00000004.00000002.2160531655.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://schemas.micj
Source: powershell.exe, 00000004.00000002.2160531655.0000000004651000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2222164846.00007FF8A4BAB000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd
Source: powershell.exe, 00000004.00000002.2160531655.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2225253745.00007FF8A6D80000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://www.videolan.org/x264.html
Source: powershell.exe, 00000004.00000002.2160531655.0000000004651000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: https://aka.ms/winui2/webview2download/Reload():
Source: powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000004.00000002.2160531655.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000004.00000002.2160531655.0000000004D10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: https://junewiener.com/updater2.phpx
Source: powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: https://streams.videolan.org/upload/
Source: setup.msi, 3bb6be.msi.1.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\3bb6be.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC0D0.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC18C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC1FB.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC22B.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC26A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC29A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC2CA.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE046.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE632.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE643.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\3bb6c1.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\3bb6c1.msi	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIC0D0.tmp

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6129E2EE0	11_2_00007FF6129E2EE0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6129E2A10	11_2_00007FF6129E2A10
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEB8D0	11_2_00007FF8A7BEB8D0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BED8D0	11_2_00007FF8A7BED8D0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C128B0	11_2_00007FF8A7C128B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C64840	11_2_00007FF8A7C64840
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEE820	11_2_00007FF8A7BEE820
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C06820	11_2_00007FF8A7C06820
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C087F0	11_2_00007FF8A7C087F0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEB790	11_2_00007FF8A7BEB790
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BED700	11_2_00007FF8A7BED700
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE1730	11_2_00007FF8A7BE1730
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEB6A0	11_2_00007FF8A7BEB6A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C0C650	11_2_00007FF8A7C0C650
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C90640	11_2_00007FF8A7C90640
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BED5C0	11_2_00007FF8A7BED5C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEB5C0	11_2_00007FF8A7BEB5C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C03580	11_2_00007FF8A7C03580
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C23560	11_2_00007FF8A7C23560
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEA520	11_2_00007FF8A7BEA520
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEE4C0	11_2_00007FF8A7BEE4C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C244D0	11_2_00007FF8A7C244D0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C024D0	11_2_00007FF8A7C024D0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEB460	11_2_00007FF8A7BEB460
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C033E0	11_2_00007FF8A7C033E0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEB380	11_2_00007FF8A7BEB380
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE13A0	11_2_00007FF8A7BE13A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C25350	11_2_00007FF8A7C25350
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C26350	11_2_00007FF8A7C26350
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C24330	11_2_00007FF8A7C24330
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C0F2C0	11_2_00007FF8A7C0F2C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEC2F0	11_2_00007FF8A7BEC2F0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE7260	11_2_00007FF8A7BE7260
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BED210	11_2_00007FF8A7BED210
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEC1A0	11_2_00007FF8A7BEC1A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEA1B0	11_2_00007FF8A7BEA1B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEB150	11_2_00007FF8A7BEB150
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C11160	11_2_00007FF8A7C11160
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C130A0	11_2_00007FF8A7C130A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BED030	11_2_00007FF8A7BED030
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEB030	11_2_00007FF8A7BEB030
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C02F20	11_2_00007FF8A7C02F20
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEDEF0	11_2_00007FF8A7BEDEF0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE6E70	11_2_00007FF8A7BE6E70
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C21E10	11_2_00007FF8A7C21E10
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEBE20	11_2_00007FF8A7BEBE20
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BFFDF0	11_2_00007FF8A7BFFDF0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C12D90	11_2_00007FF8A7C12D90
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE9D50	11_2_00007FF8A7BE9D50
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C02D20	11_2_00007FF8A7C02D20
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C22CC0	11_2_00007FF8A7C22CC0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BECCE0	11_2_00007FF8A7BECCE0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C04C80	11_2_00007FF8A7C04C80
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C13C00	11_2_00007FF8A7C13C00
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE1C30	11_2_00007FF8A7BE1C30
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C02BF0	11_2_00007FF8A7C02BF0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C2CBE0	11_2_00007FF8A7C2CBE0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE3B87	11_2_00007FF8A7BE3B87
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C42B80	11_2_00007FF8A7C42B80
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C12B40	11_2_00007FF8A7C12B40
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C22B60	11_2_00007FF8A7C22B60
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C25B00	11_2_00007FF8A7C25B00
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C8DAA0	11_2_00007FF8A7C8DAA0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE9A50	11_2_00007FF8A7BE9A50
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEBA70	11_2_00007FF8A7BEBA70
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE99C0	11_2_00007FF8A7BE99C0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C05980	11_2_00007FF8A7C05980
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BE1990	11_2_00007FF8A7BE1990
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BEE9A0	11_2_00007FF8A7BEE9A0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C109B0	11_2_00007FF8A7C109B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7BED9B0	11_2_00007FF8A7BED9B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8A7C14920	11_2_00007FF8A7C14920
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB568B0	11_2_00007FF8BFB568B0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB64B4A	11_2_00007FF8BFB64B4A
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB63AA7	11_2_00007FF8BFB63AA7
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB58DB0	11_2_00007FF8BFB58DB0
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB87508	11_2_00007FF8BFB87508

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: String function: 00007FF8BFB62038 appears 32 times
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: String function: 00007FF8A7C056C0 appears 288 times

Source: avcodec-60.dll.1.dr	Static PE information: Number of sections : 13 > 10
Source: avutil-58.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: swresample-4.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: swscale-7.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: zlib.dll.1.dr	Static PE information: Number of sections : 12 > 10
Source: avformat-60.dll.1.dr	Static PE information: Number of sections : 12 > 10

Source: api-ms-win-core-handle-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found

Source: setup.msi	Binary or memory string: OriginalFilenameAICustAct.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameDataUploader.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameucrtbase.dllj% vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamevcruntime140.dllT vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenamemsvcp140.dllT vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs setup.msi
Source: setup.msi	Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs setup.msi

Source: classification engine

Classification label: mal68.evad.winMSI@17/88@1/1

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CMLEF62.tmp

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2128:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6656:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3788:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF0DAF3B847C71C237.TMP

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe""

Source: C:\Windows\SysWOW64\msiexec.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload

Jump to behavior

Source: obs-ffmpeg-mux.exe	String found in binary or memory: #EXT-X-START value isinvalid, it will be ignored
Source: obs-ffmpeg-mux.exe	String found in binary or memory: #EXT-X-START:
Source: obs-ffmpeg-mux.exe	String found in binary or memory: prefer to use #EXT-X-START if it's in playlist instead of live_start_index
Source: obs-ffmpeg-mux.exe	String found in binary or memory: start/stop audio
Source: obs-ffmpeg-mux.exe	String found in binary or memory: start/stop audio

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 069AFA2E2F0926607807BC15BBC43494
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe""
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 069AFA2E2F0926607807BC15BBC43494	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe""	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: obs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: avcodec-60.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: avutil-58.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: avformat-60.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: w32-pthreads.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: avutil-58.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: swresample-4.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}

Jump to behavior

Source: setup.msi

Static file information: File size 60712960 > 1048576

Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2217109851.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: ucrtbase.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000000.2219929491.00007FF6129E5000.00000002.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2217109851.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: ucrtbase.pdbUGP source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, 3bb6be.msi.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 3bb6be.msi.1.dr

Source: api-ms-win-core-synch-l1-2-0.dll.1.dr

Static PE information: 0x8A188CB0 [Tue Jun 2 13:31:28 2043 UTC]

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7BFED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,

11_2_00007FF8A7BFED32

Source: vcruntime140.dll.1.dr	Static PE information: section name: _RDATA
Source: BCUninstaller.exe.1.dr	Static PE information: section name: _RDATA
Source: createdump.exe.1.dr	Static PE information: section name: _RDATA
Source: UnRar.exe.1.dr	Static PE information: section name: _RDATA
Source: avformat-60.dll.1.dr	Static PE information: section name: .xdata
Source: avutil-58.dll.1.dr	Static PE information: section name: .xdata
Source: swresample-4.dll.1.dr	Static PE information: section name: .xdata
Source: swscale-7.dll.1.dr	Static PE information: section name: .xdata
Source: zlib.dll.1.dr	Static PE information: section name: .xdata
Source: avcodec-60.dll.1.dr	Static PE information: section name: .rodata
Source: avcodec-60.dll.1.dr	Static PE information: section name: .xdata
Source: MSIE643.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIC0D0.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIC18C.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIC1FB.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIC22B.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIC26A.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIC29A.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIC2CA.tmp.1.dr	Static PE information: section name: .fptable
Source: MSIE046.tmp.1.dr	Static PE information: section name: .fptable

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00839747 push cs; retf 0007h	4_2_00839812
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00839AB8 push ds; retf 0007h	4_2_00839AD2
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00839A5D push ds; retf 0007h	4_2_00839AA2

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC18C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC2CA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avformat-60.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE643.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC29A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swresample-4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE046.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC26A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\zlib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avutil-58.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC1FB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avcodec-60.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC0D0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\w32-pthreads.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swscale-7.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC22B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC29A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC18C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC1FB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE046.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC26A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC2CA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC0D0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE643.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC22B.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7BFB840 FreeLibrary,free,calloc,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExW,_aligned_free,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_errno,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExA,FreeLibrary,free,wcslen,GetModuleFileNameW,_aligned_free,_aligned_free,_aligned_free,wcscpy,LoadLibraryExW,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,GetSystemDirectoryW,GetSystemDirectoryW,GetSystemDirectoryW,wcscpy,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,

11_2_00007FF8A7BFB840

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7C12D90 rdtsc

11_2_00007FF8A7C12D90

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2467			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1357			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC18C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC2CA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE643.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC29A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC1FB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE046.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC26A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC0D0.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swscale-7.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\zlib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIC22B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe

API coverage: 8.2 %

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1252	Thread sleep count: 2467 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4208	Thread sleep count: 1357 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6528	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4144	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: 3bb6be.msi.1.dr	Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2225253745.00007FF8A696A000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Video @
Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2225253745.00007FF8A685D000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7C12D90 Start: 00007FF8A7C1300F End: 00007FF8A7C12E85

11_2_00007FF8A7C12D90

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7C12D90 rdtsc

11_2_00007FF8A7C12D90

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe

Code function: 8_2_00007FF78ACB2ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

8_2_00007FF78ACB2ECC

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7BFED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,

11_2_00007FF8A7BFED32

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Code function: 8_2_00007FF78ACB2984 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00007FF78ACB2984
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Code function: 8_2_00007FF78ACB2ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00007FF78ACB2ECC
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	Code function: 8_2_00007FF78ACB3074 SetUnhandledExceptionFilter,	8_2_00007FF78ACB3074
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6129E3E04 SetUnhandledExceptionFilter,	11_2_00007FF6129E3E04
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6129E3C5C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00007FF6129E3C5C
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF6129E3774 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF6129E3774
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFB9004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF8BFB9004C
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFBA6CBC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00007FF8BFBA6CBC
Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	Code function: 11_2_00007FF8BFBA6710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF8BFBA6710

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."			Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"			Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\psse6e9.ps1" -propfile "c:\users\user\appdata\local\temp\msie6d6.txt" -scriptfile "c:\users\user\appdata\local\temp\scre6d7.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scre6d8.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\psse6e9.ps1" -propfile "c:\users\user\appdata\local\temp\msie6d6.txt" -scriptfile "c:\users\user\appdata\local\temp\scre6d7.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scre6d8.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe

Code function: 8_2_00007FF78ACB2DA0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

8_2_00007FF78ACB2DA0

Source: C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Code function: 11_2_00007FF8A7C89720 GetTimeZoneInformation,GetSystemTimeAsFileTime,

11_2_00007FF8A7C89720

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Replication Through Removable Media	12 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	21 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scripting	11 Process Injection	1 Disable or Modify Tools	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	1 DLL Side-Loading	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	21 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	11 Peripheral Device Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-interlocked-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-libraryloader-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-localization-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-memory-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-namedpipe-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processenvironment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-profile-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-rtlsupport-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-string-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-sysinfo-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-timezone-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-util-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-conio-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-convert-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-environment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-filesystem-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avcodec-60.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avformat-60.dll	3%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avutil-58.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swresample-4.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://junewiener.com/updater2.php	0%	Avira URL Cloud	safe
https://junewiener.com/updater2.phpx	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
junewiener.com	188.114.97.3	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://junewiener.com/updater2.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://junewiener.com/updater2.phpx	setup.msi, 3bb6be.msi.1.dr	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.m	powershell.exe, 00000004.00000002.2160252933.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000004.00000002.2160531655.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://streams.videolan.org/upload/	obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmp	false		high
https://aka.ms/pscore6lB	powershell.exe, 00000004.00000002.2160531655.0000000004651000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000004.00000002.2160531655.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.micro	powershell.exe, 00000004.00000002.2160531655.0000000004D10000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.videolan.org/x264.html	obs-ffmpeg-mux.exe, 0000000B.00000002.2225253745.00007FF8A6D80000.00000002.00000001.01000000.00000008.sdmp	false		high
https://contoso.com/	powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dashif.org/guidelines/trickmode	obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000B.00000002.2222164846.00007FF8A4BAB000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000004.00000002.2162733669.00000000056B7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.micj	setup.msi, 3bb6be.msi.1.dr	false		high
http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd	obs-ffmpeg-mux.exe, 0000000B.00000002.2222164846.00007FF8A4BAB000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://aka.ms/winui2/webview2download/Reload():	setup.msi, 3bb6be.msi.1.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000004.00000002.2160531655.0000000004651000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000004.00000002.2160531655.00000000047A6000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.97.3	junewiener.com	European Union		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585365
Start date and time:	2025-01-07 15:23:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	setup.msi
Detection:	MAL
Classification:	mal68.evad.winMSI@17/88@1/1
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Successful, ratio: 100% Number of executed functions: 15 Number of non-executed functions: 271
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target obs-ffmpeg-mux.exe, PID 7064 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 6548 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: setup.msi

Simulations

Behavior and APIs

Time	Type	Description
09:24:14	API Interceptor	6x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.97.3	DHL DOCS 2-0106-25.exe	Get hash	malicious	FormBook	Browse	www.uzshou.world/ricr/
	Order Inquiry.exe	Get hash	malicious	FormBook	Browse	www.cifasnc.info/8rr3/
	Gg6wivFINd.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	unasnetds.ru/eternalPython_RequestUpdateprocessAuthSqlTrafficTemporary.php
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	www.cifasnc.info/8rr3/
	dGhlYXB0Z3JvdXA=-free.exe	Get hash	malicious	Unknown	Browse	/api/get/free
	dGhlYXB0Z3JvdXA=-free.exe	Get hash	malicious	Unknown	Browse	/api/get/free
	RFQ 3100185 MAHAD.exe	Get hash	malicious	FormBook	Browse	www.rgenerousrs.store/o362/
	A2028041200SD.exe	Get hash	malicious	FormBook	Browse	www.beylikduzu616161.xyz/2nga/
	Delivery_Notification_00000260791.doc.js	Get hash	malicious	Unknown	Browse	radostdetym.ru/?ad=1JXSXybzEjjRJQDbVngTy7d8kEFAxmgmDN&id=rWoA9pTQhV1o4c5fjbOa-d26BGh3QU3-Bk0PqI4WnzM-5vl4IqKPymhrqkRpunF_PTHktMR-2qUlNAtnXA&rnd=45
	ce.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/lxvbq

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Airbornemx_PAYOUT7370.odt	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://ipfs.io/ipfs/bafybeifkk7tuizumzirz7qfuxbcoggonud2b6gcvttaa7ewfdgltpybls4/index1.html?err=KHPGKXW3AEO13L6ZGUK&dispatch=B34&id=2849c1C900c31C62B159B3002c63C5#engineering@vanas.eu	Get hash	malicious	Unknown	Browse	104.17.24.14
	'Set-up.exe	Get hash	malicious	LummaC	Browse	104.21.25.52
	SET_UP.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	Set-UpFile_v25.exe	Get hash	malicious	LummaC	Browse	104.21.25.52
	Setup.exe	Get hash	malicious	LummaC	Browse	104.21.80.1
	https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	104.17.25.14
	te13.exe	Get hash	malicious	Metasploit	Browse	104.21.16.1
	New order 2025.msg	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	188.114.97.3
	https://coggle.it/diagram/Z3zkZPAQxQkDOgmo/t/-/1f6434bfba7d8aab898b2531849681e8b0d7342489acbbff6b172f8658a09526	Get hash	malicious	Unknown	Browse	104.17.25.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	1.exe	Get hash	malicious	LummaC, XRed	Browse	188.114.97.3
	9876567899.bat.exe	Get hash	malicious	Lokibot	Browse	188.114.97.3
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	c2.hta	Get hash	malicious	Remcos	Browse	188.114.97.3
	H565rymIuO.doc	Get hash	malicious	Unknown	Browse	188.114.97.3
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse	188.114.97.3
	287438657364-7643738421.08.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	u1XWB0BIju.msi	Get hash	malicious	Unknown	Browse	188.114.97.3
	setup.msi	Get hash	malicious	Unknown	Browse	188.114.97.3

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe	u1XWB0BIju.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	Setup.msi	Get hash	malicious	Unknown	Browse
	6a7e35.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Config.Msi\3bb6c0.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	20050
Entropy (8bit):	5.839562781207386
Encrypted:	false
SSDEEP:	384:FiGI+atJsx3vA9pHB25gg2u2NH0dCBYW0L3GOrPtN03udPz4kWprRi6GCoNbvuv5:FiGI+atJsx3vA9pHB25gg2u2NH0dCBYc
MD5:	D5E85D9D5F847BCF69309DC61D7FAE0F
SHA1:	30C4D1496C45FCEAD9633556E81805618ACCAFA1
SHA-256:	6E23FC44719EB26DD9FB8FBD3F206E0707C61369390CCE22F010024D12CDD9AD
SHA-512:	EEADBF24386B16AE130B2E35D98ECBD9417413A8A2DF29480B8BEB95774C0B1C564B7D8A841A4B98F85377ABAB32E02E4DCAD7925B756D7E73A2576633CE14CC
Malicious:	false
Preview:	...@IXOS.@.....@.K'Z.@.....@.....@.....@.....@.....@......&.{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}..Weisx App..setup.msi.@.....@.....@.....@......icon_24.exe..&.{3BF6D30A-BC85-426B-B103-DC8347D8AFC7}.....@.....@.....@.....@.......@.....@.....@.......@......Weisx App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{F39C344E-A83E-4760-8DA8-F27602095B4F}&.{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}.@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}&.{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}.@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}&.{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}.@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}&.{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}.@......&.{FDDB96EE-847D-4B25-85B1-65E662CF63A8}&.{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}.@......&.{9608D8ED-8EC6-4540-B232-4A823606F862}&.{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}.@......&.{17B6E8D6-C004-40DB-BB2D-125D7C1CC21E}&.{33A90EB2-6231-4158

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	5.413197223328133
Encrypted:	false
SSDEEP:	24:3UWSKco4KmZjKbm51s4RPT6moUebIKo+mZ9t7J0gt/NK3R82r+SVbR:EWSU4xymI4RfoUeW+mZ9tK8NWR82jVbR
MD5:	1A8B62C28399515602DCA9C94C2B2490
SHA1:	384EB5E2AFB32EC137CE02833466A20048E2A689
SHA-256:	B5A234A10D8D76E65C18EA63D097512F3D53FC5739EF7A8099AC8B22FA7C9F00
SHA-512:	095BD0CB3027199DDB62FFDA863673CED39884DFE0F9B9BECDF2A1CC6674D27F8AD8D0E965C1F38E4D63140F7E0DCBCA8D443E5A48E543FE0B13DA2FF2ED5CE8
Malicious:	false
Preview:	@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rqmmtlpl.sik.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xztmqe03.qoc.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\msiE6D6.txt

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with no line terminators
Category:	dropped
Size (bytes):	100
Entropy (8bit):	3.0073551160284637
Encrypted:	false
SSDEEP:	3:Q0JUINRYplflrOdlVWNlANf5Yplf955:Q0JB0LJOn03ANqLN
MD5:	7A131AC8F407D08D1649D8B66D73C3B0
SHA1:	D93E1B78B1289FB51E791E524162D69D19753F22
SHA-256:	9ACBF0D3EEF230CC2D5A394CA5657AE42F3E369292DA663E2537A278A811FF5B
SHA-512:	47B6FF38B4DF0845A83F17E0FE889747A478746E1E7F17926A5CCAC1DD39C71D93F05A88E0EC176C1E5D752F85D4BDCFFB5C64125D1BA92ACC91D03D6031848D
Malicious:	true
Preview:	..Q.u.i.t.e.S.e.s. .:.<.-.>.:. . .<.<.:.>.>. .E.x.t.e.n.d.E.x.p.i.r.e. .:.<.-.>.:. .0. .<.<.:.>.>. .

C:\Users\user\AppData\Local\Temp\pssE6E9.ps1

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6668
Entropy (8bit):	3.5127462716425657
Encrypted:	false
SSDEEP:	96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
MD5:	30C30EF2CB47E35101D13402B5661179
SHA1:	25696B2AAB86A9233F19017539E2DD83B2F75D4E
SHA-256:	53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
SHA-512:	882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
Malicious:	true
Preview:	..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".l.i.n.e.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.L.i.n.e.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\user\AppData\Local\Temp\scrE6D7.ps1

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	266
Entropy (8bit):	3.500405439723985
Encrypted:	false
SSDEEP:	6:Q1AGYNk79idK3fOlFoulk+KiV64AGIArMTlP1LlG7JidK3falnUOn03AnfGR:Q1F3Kvoq3VFVrMTQNeFUr3ZR
MD5:	A18EA6E053D5061471852A4151A7D4D0
SHA1:	AEA460891F599C4484F04A3BC5ACC62E9D5AD9F7
SHA-256:	C4EF109DD1FEF1A7E4AF385377801EEA0E7936D207EBCEBBE078BAD56FB1F4AB
SHA-512:	7530E2974622BB6649C895C062C151AC7C496CCC0BDAE4EB53C6F29888FA7B1E184026FBB39DDB5D8741378BEE969DD70B34AC7459F3387D92D21DBCFE28DC9A
Malicious:	true
Preview:	..$.s.k.g.i.e.h.g. .=. .A.I._.G.e.t.M.s.i.P.r.o.p.e.r.t.y. .".Q.u.i.t.e.S.e.s.".....$.o.i.g.s.e.i.g.j. .=. .[.u.i.n.t.3.2.].(.$.s.k.g.i.e.h.g. .-.r.e.p.l.a.c.e. .'.t.'.,. .'.'.).....A.I._.S.e.t.M.s.i.P.r.o.p.e.r.t.y. .".E.x.t.e.n.d.E.x.p.i.r.e.". .$.o.i.g.s.e.i.g.j.

C:\Users\user\AppData\Roaming\Microsoft\Installer\{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}\icon_24.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category:	dropped
Size (bytes):	195906
Entropy (8bit):	4.669224805215773
Encrypted:	false
SSDEEP:	1536:k1Z0Ceau0a/r3NLZZOjjDcC7uFFy9Z8YJNs9Z7E9ykl:k1Z0vZXJZYDFufyXbJNCcr
MD5:	E40B08C6FF5F07916B45741B7D0C5E87
SHA1:	94C2357A59BAA3B537993F570CEA03EC51C1917B
SHA-256:	131ABD59B7D4B6177F2815E8CEB0F3DA325CB1074AEFBE99F61A382F1895AF44
SHA-512:	FA8453DD4936F772381E50533CD91DB8857F1A608CEB91F225300FC4E9DE8475EB416A3682D0C85829058570EBB9BBDF18CC650D36FA87E13BC262C827D0C695
Malicious:	false
Preview:	............ .............. .(.......``.... .........HH.... ..T..R"..@@.... .(B...v..00.... ..%...... .... ............... .....R......... .h........PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..yx.e.>\|.Ug?Y.N..d%...6M."....".=......v..f....5}..3.b.h#v..".....b.(...@.}..........8kr...}]\".N.[u.y.g....\|....\|....\|....\|....\|....\|....\|...[..F/......h4..h$...5.....Z.f..J%322...... .p...\HH.l6.a..c.............rC>.8\|..&..;....f.Y.q....a.?.e.x..eY6F....a..DBH...F....@..R.\v.!...QJ[....(...Z.!.@#!d.R..l'!.3..V........s3..\|..\|.`.b..LSS...._A.Q.....@. ...2.o...J)C.a(...B.a.s.B......>N.......PB.O..(.m...t..P.0L...^&..p.g.....<x..g...S......2.L..h4..a.y..#.,..A.I..@)..`.!.!.qv>W...D...Z.R...cLA..Z.\|G)..p.a.J..8..t..9......S.7.EEEZ..Q.I..;.AXJ.Y.0L....0......8Z#.....B,..J...e...p..~???...n..+...)...7.[[[.4.M0.%..{(........jA.m..)...A.x.).+.."....\|E...y.p..q..Y.m....a....CBB.,..0.s/...q.^.@1Q@nvaw.W./..#.p...J.Q.e..B..,;..._.o.Ro.....`...^....ls.!......

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	310928
Entropy (8bit):	6.001677789306043
Encrypted:	false
SSDEEP:	3072:Zczkitvo4BpYN/6mBPry8TXROLdW5m4mURs9OOGC0kvxVCd7wANmSrvlPSIB0P+4:ZA4NCmBPry/N24OOjVxM7RNrrvEc0a
MD5:	147B71C906F421AC77F534821F80A0C6
SHA1:	3381128CA482A62333E20D0293FDA50DC5893323
SHA-256:	7DCD48CEF4CC4C249F39A373A63BBA97C66F4D8AFDBE3BAB196FD452A58290B2
SHA-512:	2FCD2127D9005D66431DD8C9BD5BC60A148D6F3DFE4B80B82672AFD0D148F308377A0C38D55CA58002E5380D412CE18BD0061CB3B12F4DAA90E0174144EA20C8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: u1XWB0BIju.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: Setup.msi, Detection: malicious, Browse Filename: 6a7e35.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse Filename: setup.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8.}\|...\|...\|....../p....../v....../1...u.a.l....../u...\|........./v....../}...Rich\|...........PE..d...i..d..........".................`<.........@..........................................`.................................................t$...........S...`..@........(..............T.......................(.......8............................................text............................... ..`.rdata..............................@..@.data........@......................@....pdata..@....`.......&..............@..@_RDATA...............<..............@..@.rsrc....S.......T...>..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	506008
Entropy (8bit):	6.4284173495366845
Encrypted:	false
SSDEEP:	6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
MD5:	98CCD44353F7BC5BAD1BC6BA9AE0CD68
SHA1:	76A4E5BF8D298800C886D29F85EE629E7726052D
SHA-256:	E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
SHA-512:	D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g.}............\|.&.....\|.$.J...\|.%.....H}*.....H}./....H}./.....~P.....H}./.....~D.........z...F}./....F}(.....F}./....Rich............PE..d.....@f.........."....!.b.....................@.....................................'....`.................................................\|...........H........4.......(......8...0I..T....................J..(....G..@............................................text....a.......b.................. ..`.rdata...3.......4...f..............@..@.data...............................@....pdata...4.......6..................@..@_RDATA..\...........................@..@.rsrc...H...........................@..@.reloc..8...........................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.596101286914553
Encrypted:	false
SSDEEP:	192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
MD5:	919E653868A3D9F0C9865941573025DF
SHA1:	EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
SHA-256:	2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
SHA-512:	6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......a.....`.........................................`...,............ ...................!..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.640081558424349
Encrypted:	false
SSDEEP:	192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
MD5:	7676560D0E9BC1EE9502D2F920D2892F
SHA1:	4A7A7A99900E41FF8A359CA85949ACD828DDB068
SHA-256:	00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
SHA-512:	F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....y1..........." .........................................................0...........`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.6023398138369505
Encrypted:	false
SSDEEP:	192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
MD5:	AC51E3459E8FCE2A646A6AD4A2E220B9
SHA1:	60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
SHA-256:	77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
SHA-512:	6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0......d.....`.........................................`................ ...................!..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.614262942006268
Encrypted:	false
SSDEEP:	192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
MD5:	B0E0678DDC403EFFC7CDC69AE6D641FB
SHA1:	C1A4CE4DED47740D3518CD1FF9E9CE277D959335
SHA-256:	45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
SHA-512:	2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.654155040985372
Encrypted:	false
SSDEEP:	192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
MD5:	94788729C9E7B9C888F4E323A27AB548
SHA1:	B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
SHA-256:	ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
SHA-512:	AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0......~.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15304
Entropy (8bit):	6.548897063441128
Encrypted:	false
SSDEEP:	192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
MD5:	580D9EA2308FC2D2D2054A79EA63227C
SHA1:	04B3F21CBBA6D59A61CD839AE3192EA111856F65
SHA-256:	7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
SHA-512:	97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@............`.........................................`................0...................!..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.622041192039296
Encrypted:	false
SSDEEP:	192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
MD5:	35BC1F1C6FBCCEC7EB8819178EF67664
SHA1:	BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
SHA-256:	7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
SHA-512:	9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......./....`.........................................`...L............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.730719514840594
Encrypted:	false
SSDEEP:	192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
MD5:	3BF4406DE02AA148F460E5D709F4F67D
SHA1:	89B28107C39BB216DA00507FFD8ADB7838D883F6
SHA-256:	349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
SHA-512:	5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.626458901834476
Encrypted:	false
SSDEEP:	192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
MD5:	BBAFA10627AF6DFAE5ED6E4AEAE57B2A
SHA1:	3094832B393416F212DB9107ADD80A6E93A37947
SHA-256:	C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
SHA-512:	D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-heap-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.577869728469469
Encrypted:	false
SSDEEP:	192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
MD5:	3A4B6B36470BAD66621542F6D0D153AB
SHA1:	5005454BA8E13BAC64189C7A8416ECC1E3834DC6
SHA-256:	2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
SHA-512:	84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......M.....`.........................................`................ ...................!..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-interlocked-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.6496318655699795
Encrypted:	false
SSDEEP:	192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
MD5:	A038716D7BBD490378B26642C0C18E94
SHA1:	29CD67219B65339B637A1716A78221915CEB4370
SHA-256:	B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
SHA-512:	43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0......-.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-libraryloader-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12736
Entropy (8bit):	6.587452239016064
Encrypted:	false
SSDEEP:	192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
MD5:	D75144FCB3897425A855A270331E38C9
SHA1:	132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
SHA-256:	08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
SHA-512:	295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0......V`....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-localization-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14280
Entropy (8bit):	6.658205945107734
Encrypted:	false
SSDEEP:	384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
MD5:	8ACB83D102DABD9A5017A94239A2B0C6
SHA1:	9B43A40A7B498E02F96107E1524FE2F4112D36AE
SHA-256:	059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
SHA-512:	B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......._....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-memory-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.621310788423453
Encrypted:	false
SSDEEP:	96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
MD5:	808F1CB8F155E871A33D85510A360E9E
SHA1:	C6251ABFF887789F1F4FC6B9D85705788379D149
SHA-256:	DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
SHA-512:	441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0............`.........................................`...l............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-namedpipe-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.7263193693903345
Encrypted:	false
SSDEEP:	192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
MD5:	CFF476BB11CC50C41D8D3BF5183D07EC
SHA1:	71E0036364FD49E3E535093E665F15E05A3BDE8F
SHA-256:	B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
SHA-512:	7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......[.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processenvironment-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.601327134572443
Encrypted:	false
SSDEEP:	192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
MD5:	F43286B695326FC0C20704F0EEBFDEA6
SHA1:	3E0189D2A1968D7F54E721B1C8949487EF11B871
SHA-256:	AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
SHA-512:	6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......Z....`.........................................`...H............ ...................!..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14272
Entropy (8bit):	6.519411559704781
Encrypted:	false
SSDEEP:	192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
MD5:	E173F3AB46096482C4361378F6DCB261
SHA1:	7922932D87D3E32CE708F071C02FB86D33562530
SHA-256:	C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
SHA-512:	3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0......%C....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-processthreads-l1-1-1.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.659079053710614
Encrypted:	false
SSDEEP:	192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
MD5:	9C9B50B204FCB84265810EF1F3C5D70A
SHA1:	0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
SHA-256:	25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
SHA-512:	EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......6y....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-profile-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11200
Entropy (8bit):	6.7627840671368835
Encrypted:	false
SSDEEP:	192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
MD5:	0233F97324AAAA048F705D999244BC71
SHA1:	5427D57D0354A103D4BB8B655C31E3189192FC6A
SHA-256:	42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
SHA-512:	8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0.......>....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-rtlsupport-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12224
Entropy (8bit):	6.590253878523919
Encrypted:	false
SSDEEP:	192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
MD5:	E1BA66696901CF9B456559861F92786E
SHA1:	D28266C7EDE971DC875360EB1F5EA8571693603E
SHA-256:	02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
SHA-512:	08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0.......S....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-string-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.672720452347989
Encrypted:	false
SSDEEP:	192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
MD5:	7A15B909B6B11A3BE6458604B2FF6F5E
SHA1:	0FEB824D22B6BEEB97BCE58225688CB84AC809C7
SHA-256:	9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
SHA-512:	D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......g....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13760
Entropy (8bit):	6.575688560984027
Encrypted:	false
SSDEEP:	192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
MD5:	6C3FCD71A6A1A39EAB3E5C2FD72172CD
SHA1:	15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
SHA-256:	A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
SHA-512:	EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0............`.........................................`...X............ ...................!..............T............................................................................rdata..\|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-synch-l1-2-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.70261983917014
Encrypted:	false
SSDEEP:	192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
MD5:	D175430EFF058838CEE2E334951F6C9C
SHA1:	7F17FBDCEF12042D215828C1D6675E483A4C62B1
SHA-256:	1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
SHA-512:	6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......G.....`.........................................`...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-sysinfo-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.599515320379107
Encrypted:	false
SSDEEP:	192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
MD5:	9D43B5E3C7C529425EDF1183511C29E4
SHA1:	07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
SHA-256:	19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
SHA-512:	C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r............" .........................................................0............`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-timezone-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.690164913578267
Encrypted:	false
SSDEEP:	192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
MD5:	43E1AE2E432EB99AA4427BB68F8826BB
SHA1:	EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
SHA-256:	3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
SHA-512:	40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Y$..........." .........................................................0.......d....`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-util-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.615761482304143
Encrypted:	false
SSDEEP:	192:dZ89WYhWFWWFYg7VWQ4eW5QLyFqnajziMOci:dZ89WYhWDnolniMOP
MD5:	735636096B86B761DA49EF26A1C7F779
SHA1:	E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
SHA-256:	5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
SHA-512:	3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......Xc....`.........................................`...<............ ...................!..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-conio-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.627282858694643
Encrypted:	false
SSDEEP:	192:R0WYhWRWWFYg7VWQ4eWLeNxUUtpwBqnajrmaaG:R0WYhWPzjqlQG
MD5:	031DC390780AC08F498E82A5604EF1EB
SHA1:	CF23D59674286D3DC7A3B10CD8689490F583F15F
SHA-256:	B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
SHA-512:	1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..../}..........." .........................................................0......a.....`.........................................0................ ...................!..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-convert-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15816
Entropy (8bit):	6.435326465651674
Encrypted:	false
SSDEEP:	192:JM0wd8dc9cydWYhWyWWFYg7VWQ4eW9jTXfH098uXqnajH/VCf:G0wd8xydWYhWi2bXuXlTV2
MD5:	285DCD72D73559678CFD3ED39F81DDAD
SHA1:	DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
SHA-256:	6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
SHA-512:	84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...x............." .........................................................@.......5....`.........................................0................0...................!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-environment-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.5874576656353145
Encrypted:	false
SSDEEP:	192:6KNMWYhW6WWFYg7VWQ4eWSA5lJSdqnajeMh3:6KNMWYhWKiKdlaW
MD5:	5CCE7A5ED4C2EBAF9243B324F6618C0E
SHA1:	FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
SHA-256:	AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
SHA-512:	FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...g P..........." .........................................................0............`.........................................0..."............ ...................!..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-crt-filesystem-l1-1-0.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13768
Entropy (8bit):	6.645869978118917
Encrypted:	false
SSDEEP:	192:CGnWlC0i5ClWYhWwWWFYg7VWQ4eWtOUtpwBqnajrmaaGN4P:9nWm5ClWYhWQ8qlQGN6
MD5:	41FBBB054AF69F0141E8FC7480D7F122
SHA1:	3613A572B462845D6478A92A94769885DA0843AF
SHA-256:	974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
SHA-512:	97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r..x.........." .........................................................0.......(....`.........................................0................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avcodec-60.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	37333152
Entropy (8bit):	6.632921864082428
Encrypted:	false
SSDEEP:	393216:LzyCmQCOCLheXbl4MEf+Eidgrpj3xO6FLzq2KHplhrX5:L5WLheXbl4MEf+HgrpjVF6PD5
MD5:	32F56F3E644C4AC8C258022C93E62765
SHA1:	06DFF5904EBBF69551DFA9F92E6CC2FFA9679BA1
SHA-256:	85AF2FB4836145098423E08218AC381110A6519CB559FF6FC7648BA310704315
SHA-512:	CAE2B9E40FF71DDAF76A346C20028867439B5726A16AE1AD5E38E804253DFCF6ED0741095A619D0999728D953F2C375329E86B8DE4A0FCE55A8CDC13946D5AD8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........(........&"...&............P........................................P.......3:...`... ......................................`...........A.....p.......t...X.9.H'.......M..............................(......................P............................text...............................`..`.rodata.0........................... ..`.data...............................@....rdata....X......X.................@..@.pdata..t...........................@..@.xdata..`...........................@..@.bss...................................edata.......`.......\|..............@..@.idata...A.......B..................@....CRT....`..........................@....tls...............................@....rsrc...p..........................@....reloc...M.......N..................@..B........................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avformat-60.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	5100112
Entropy (8bit):	6.374242928276845
Encrypted:	false
SSDEEP:	49152:WBUp8DPNkkup6GAx9HEekwEfG/66xcPiw+UgAnBM+sVf9d3PWKOyz/Omlc69kXOV:WB/Z16w8idUgfT0b6LnBSpytGyodUl
MD5:	01589E66D46ABCD9ACB739DA4B542CE4
SHA1:	6BF1BD142DF68FA39EF26E2CAE82450FED03ECB6
SHA-256:	9BB4A5F453DA85ACD26C35969C049592A71A7EF3060BFA4EB698361F2EDB37A3
SHA-512:	0527AF5C1E7A5017E223B3CC0343ED5D42EC236D53ECA30D6DECCEB2945AF0C1FBF8C7CE367E87BC10FCD54A77F5801A0D4112F783C3B7E829B2F40897AF8379
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........D..,....&"...&.R4...D.....P.........................................E.....r}N...`... .......................................D.0-....D.hX...PE.......?.......M.H'...`E..e............................>.(.....................D.`............................text....P4......R4.................`..`.data....3...p4..4...V4.............@....rdata...&....4..(....4.............@..@.pdata........?.......?.............@..@.xdata..8{....A..\|...TA.............@..@.bss..........D..........................edata..0-....D.......C.............@..@.idata..hX....D..Z....C.............@....CRT....`....0E......XD.............@....tls.........@E......ZD.............@....rsrc........PE......\D.............@....reloc...e...`E..f...`D.............@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\avutil-58.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1089600
Entropy (8bit):	6.535744457220272
Encrypted:	false
SSDEEP:	24576:NFUq9wHzADwiB0Bm3k6gz0sA+wLDZyoFNRsKYw:TUdMDwIgm3kpzsNpyoFDsKYw
MD5:	3AAF57892F2D66F4A4F0575C6194F0F8
SHA1:	D65C9143603940EDE756D7363AB6750F6B45AB4E
SHA-256:	9E0D0A05B798DA5D6C38D858CE1AD855C6D68BA2F9822FA3DA16E148E97F9926
SHA-512:	A5F595D9C48B8D5191149D59896694C6DD0E9E1AF782366162D7E3C90C75B2914F6E7AFF384F4B59CA7C5A1ECCCDBF5758E90A6A2B14A8625858A599DCCA429B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........f..X.....&"...&.2...b......P......................................... ......?....`... ......................................0 .xC.... ....... .h.......@>...x..H'.... ............................. Z..(..................... .P............................text....1.......2..................`..`.data........P.......6..............@....rdata...,...`.......8..............@..@.pdata..@>.......@...f..............@..@.xdata...K.......L..................@..@.bss......... ...........................edata..xC...0 ..D..................@..@.idata........ ......6..............@....CRT....`..... ......N..............@....tls.......... ......P..............@....rsrc...h..... ......R..............@....reloc........ ......V..............@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	57488
Entropy (8bit):	6.382541157520703
Encrypted:	false
SSDEEP:	768:eQ6XULhGj8TzwsoeZwVAsuEIBh8v6H3eQdFyN+yghK3m5rR8vSoQuSd:ECVbTGkiE/c+XA3g2L7S
MD5:	71F796B486C7FAF25B9B16233A7CE0CD
SHA1:	21FFC41E62CD5F2EFCC94BAF71BD2659B76D28D3
SHA-256:	B2ACB555E6D5C6933A53E74581FD68D523A60BCD6BD53E4A12D9401579284FFD
SHA-512:	A82EA6FC7E7096C10763F2D821081F1B1AFFA391684B8B47B5071640C8A4772F555B953445664C89A7DFDB528C5D91A9ADDB5D73F4F5E7509C6D58697ED68432
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l............uU.....x.....x.....x....{...........ox....ox9....ox....Rich...........................PE..d......d.........."......f...N......p).........@....................................2.....`.....................................................................P........(......d.......T...............................8............................................text....e.......f.................. ..`.rdata...6.......8...j..............@..@.data...............................@....pdata..P...........................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..d...........................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\iwhgjds.rar

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	RAR archive data, v5
Category:	dropped
Size (bytes):	410990
Entropy (8bit):	7.999593969331674
Encrypted:	true
SSDEEP:	12288:seyTLqHiIqZWJyoFQO4JKH1Jhd/IZpzeCB/:xu/8M/O4gH/nsv/
MD5:	48980FBA71C8D4126156A92CA8F28E68
SHA1:	DACFD823E191707EB69CD6194B0BAC37089A0FA1
SHA-256:	FAD957E57EB8D138CC81D79EC31CD9009B30211438F212AEF1365516ABDE959A
SHA-512:	DA8FED2B3F5F19008A61F2A25262B577051419F4BCFF08D6DB4E904FF84099DFE8E252AED790BC1ED5B152A0F26039F8682D879294226A348A644823A92A9F43
Malicious:	false
Preview:	Rar!.......#!.......^.....Y..f...N...^u.L$3`.9I..G^a.v>..._ ...??..G..J..h.L.....)r.m......\.\..gkY..wR.`K....+!J.v..8L..R$V..!.r...f..yWb..._....O.YN.p....x.o...S#.S..j....`....Ee!..B......!9.#.T.....cT.....Qi@2.....h..].C.q.0....aW.d=5yJ.8;....C...Vx.....~..;^....K.!.v.HDF..dG.w.Y2....1.....L.."..o....-n.sWp_..7......-.z.\|....Wf..M.f,.,...{RE...`.H....v...R...3..aj........eX<..)...4..P.../P.c...R..1.4y.P+l......F2.#.d0R..I..}.../.(.....o......+..6.^.7'U'...g.Bx.W....li..h..s.k...c.pN.....KrY.U..w....d.8..q..C.B...[..>...;....9...f>."..T....@P.1..v.".kD..)....H..Y.]B..P.$b.b5....:.+.....FyO....\|n.Y...0...%.I0..........!..........l(v..R.@5...!.7..Z.Q@E........au.b.!..qxgh.eWs...X._...;.l.r...9..g...b....B.OLk....J...Q&..PC$.y.oDE.'.v..%MI..A.....:..D.e.1!.1.G]ewY..2.VB.{X`.'.G......_...).rG..0..6....o.P(...N......^).....LV?.._../`y.@...ap$iU.....wp.....?.W..w...H.<W.........3q.QW..D.8.GD.Rn...B?Nf6O.M...[6..u.C.0...*....r&.J...v..B.G$......v5..

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\msvcp140.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	566704
Entropy (8bit):	6.494428734965787
Encrypted:	false
SSDEEP:	12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
MD5:	6DA7F4530EDB350CF9D967D969CCECF8
SHA1:	3E2681EA91F60A7A9EF2407399D13C1CA6AA71E9
SHA-256:	9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA
SHA-512:	1F77F900215A4966F7F4E5D23B4AAAD203136CB8561F4E36F03F13659FE1FF4B81CAA75FEF557C890E108F28F0484AD2BAA825559114C0DAA588CF1DE6C1AFAB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y...................Z.........O.....O.....O.....O.....O.....O.6....O.....Rich...........................PE..d...%\|.a.........." .....<...\.......)...................................................`A.........................................5..h...(...,............p...9...~...'......0.......T...............................8............P...............................text....;.......<.................. ..`.rdata..j....P.......@..............@..@.data...`:...0......................@....pdata...9...p...:...6..............@..@.rsrc................p..............@..@.reloc..0............t..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	35656
Entropy (8bit):	6.370522595411868
Encrypted:	false
SSDEEP:	768:ixmeWkfdHAWcgj7Y7rEabyLcRwEpYinAMx1nyqaJ:pXUdg8jU7r4LcRZ7Hx1nyqa
MD5:	D3CAC4D7B35BACAE314F48C374452D71
SHA1:	95D2980786BC36FEC50733B9843FDE9EAB081918
SHA-256:	4233600651FB45B9E50D2EC8B98B9A76F268893B789A425B4159675B74F802AA
SHA-512:	21C8D73CC001EF566C1F3C7924324E553A6DCA68764ECB11C115846CA54E74BD1DFED12A65AF28D9B00DDABA04F987088AA30E91B96E050E4FC1A256FFF20880
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........D..D..D..M.3.J......F......W......N......G......F..D..l......A..D.........E...._.E......E..RichD..................PE..d................"....#.2...4......`7.........@..........................................`..................................................b..,....................d..H'......<....Z..p...........................`Y..@............P...............................text....1.......2.................. ..`.rdata..H"...P...$...6..............@..@.data...H............Z..............@....pdata...............\..............@..@.rsrc................`..............@..@.reloc..<............b..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.879664004902594
Encrypted:	false
SSDEEP:	3:mKDDlR+7H6U:hOD6U
MD5:	D9324699E54DC12B3B207C7433E1711C
SHA1:	864EB0A68C2979DCFF624118C9C0618FF76FA76C
SHA-256:	EDFACD2D5328E4FFF172E0C21A54CC90BAF97477931B47B0A528BFE363EF7C7E
SHA-512:	E8CC55B04A744A71157FCCA040B8365473C1165B3446E00C61AD697427221BE11271144F93F853F22906D0FEB61BC49ADFE9CBA0A1F3B3905E7AD6BD57655EB8
Malicious:	false
Preview:	@echo off..Start "" %1

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swresample-4.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	158968
Entropy (8bit):	6.4238235663554955
Encrypted:	false
SSDEEP:	1536:izN/1rbQ+rTccg/Lla75jjVBzYCDNzuDQr5whduOd7EKPuh9Aco6uAGUtQFUzcnX:8N/FQ+rejlaFhdrXORhjD6VGUtQWk
MD5:	7FB892E2AC9FF6981B6411FF1F932556
SHA1:	861B6A1E59D4CD0816F4FEC6FD4E31FDE8536C81
SHA-256:	A45A29AECB118FC1A27ECA103EAD50EDD5343F85365D1E27211FE3903643C623
SHA-512:	986672FBB14F3D61FFF0924801AAB3E9D6854BB3141B95EE708BF5B80F8552D5E0D57182226BABA0AE8995A6A6F613864AB0E5F26C4DCE4EB88AB82B060BDAC5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........O.....&"...&.h..........P.....................................................`... ...................................... .......0..T....`..........X....E..H'...p..................................(...................02...............................text....f.......h..................`..`.data................l..............@....rdata...Q.......R...n..............@..@.pdata..X...........................@..@.xdata..............................@..@.bss.....................................edata....... ......................@..@.idata..T....0......................@....CRT....X....@......................@....tls.........P......................@....rsrc........`......................@....reloc.......p......................@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\swscale-7.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	707200
Entropy (8bit):	6.610520126248797
Encrypted:	false
SSDEEP:	12288:hTl8xt5jEuhuoWZz8Rt5brZcXVEZMbYwepVQ0G6ddTD8qevJMLf50555555555mj:hZ8xt5jEuhuoWZz8Rt5brZcXVEZMbYJz
MD5:	1144E36E0F8F739DB55A7CF9D4E21E1B
SHA1:	9FA49645C0E3BAE0EDD44726138D7C72EECE06DD
SHA-256:	65F8E4D76067C11F183C0E1670972D81E878E6208E501475DE514BC4ED8638FD
SHA-512:	A82290D95247A67C4D06E5B120415318A0524D00B9149DDDD8B32E21BBD0EE4D86BB397778C4F137BF60DDD4167EE2E9C6490B3018031053E9FE3C0D0B3250E7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...........-.....&"...&............P.....................................................`... ......................................P.......`..........x....P......8...H'......................................(....................c..`............................text...(...........................`..`.data...............................@....rdata...s.......t..................@..@.pdata.......P...0...&..............@..@.xdata...9.......:...V..............@..@.bss.....................................edata.......P......................@..@.idata.......`......................@....CRT....`....p......................@....tls................................@....rsrc...x...........................@....reloc..............................@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\classes.jsa

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	12124160
Entropy (8bit):	4.1175508751036585
Encrypted:	false
SSDEEP:	49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
MD5:	8A13CBE402E0BBF3DA56315F0EBA7F8E
SHA1:	EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
SHA-256:	7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
SHA-512:	46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
Malicious:	false
Preview:	.................*.\.....................................+................................Ol.....................................">.............................d..3......................A.......@...... t.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................(#......(............... ................Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925....................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\java.datatransfer.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	51389
Entropy (8bit):	7.916683616123071
Encrypted:	false
SSDEEP:	768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
MD5:	8F4C0388762CD566EAE3261FF8E55D14
SHA1:	B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
SHA-256:	AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
SHA-512:	1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classeP.N.0..../.$...pAM.D.p..!!..X...m.d'.....P7...biw..Y.?._...pM.m..X.q..2.D8o...o.0.J.s...,...".'..>..F..r..M..G.L......!.je.BG....:v.;..a@...Y...3..?.Y....\.m.).CBwn......'.N..+G+^#.j...R.A..qV.1o...p.....\|._.-N$.!.;X....\|....G......qi.W{PK...^0.........PK.........n/Q............-...classes/java/awt/datatransfer/Clipboard.class.X.w.W....c...-.Ii...#.P..........@(`.......3.....R...........<....h..W.z......=.=~....l..DN..............;y.@7..#....2.P.._.WR.b.Km..f......9w1T...A.....d..b.r.Ie.Gq,..U+.kcC.be..eTe......K3.usU.2...Pe.4T.aYz....>!..q..3.dL.Q..fh/#..P.t.;.f,.."..7..v.(..K7}.2nZ;.Mg..OuzU..c.....!wR.xz....7...tG..d.ED..3...fs.{n\...x...r.!.#X.6.Ke.v........1n.P......#..P...J....)^.dt....k...k...F5...e$.d...=~Do.t.2....KX....B.#Ha..U2n.j...+fh&....&.zk,.....>...aQ......kj...:.h.Q.uTv.B ......N......r'..x..D.4.`k 76fZ....fG..#.....7.4.:w..6....#...x..>lfh.B'.....'l..V.....5..H..

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\java.instrument.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	41127
Entropy (8bit):	7.961466748192397
Encrypted:	false
SSDEEP:	768:L0xH2Z5C7/c8GqFsHWShYYptTpmPSB4gTQSq4Yz1jHoAsbjX:wxH66/crqiH3tTVTsSVYz1jIAsfX
MD5:	D039093C051B1D555C8F9B245B3D7FA0
SHA1:	C81B0DAEDAB28354DEA0634B9AE9E10EE72C4313
SHA-256:	4A495FC5D119724F7D40699BB5D2B298B0B87199D09129AEC88BBBDBC279A68D
SHA-512:	334FD85ACE22C90F8D4F82886EEF1E6583184369A031DCEE6E0B6624291F231D406A2CEC86397C1B94D535B36A5CF7CB632BB9149B8518B794CBFA1D18A2478F
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classU.M..0..../..........LL...A.$.t.\x..e,U.N.N..7o.....=B+..,.@..:.`.....`....L.,.".B.M......:...._..uBGf.5.M..g..."..8K\..B.".z..\|=6.=1.KB..v,.yJ0/......[.r..OU`....Q}...kP.94oh...b..K{...].'PK........#...PK.........n/Q............2...classes/java/lang/instrument/ClassDefinition.class.SMo.@.}.8q.4M.@.h..b;... ..d.RP$.c...#g...#@.....@.G..........7o.......@.-..J.T.eT..'.......tt.=.P9.C_t.J.5... ...Y...z\|.(..TE...e.....(.......v?pg....<...I.1.:....H.U...1.)..p...P.......\|...04..Q..2...%..8~.......#..p"...n..<.Uq..=..:.c..1.2...x.o.w..#....^?q.I..:..Y...6...N..c..>2.k.U...L..&V.H...%....y...[.~GJ...B/M......%...t....+.I.E....H..}....m..j_..8C...:.n...(*..z..Z.Q...$....a.}..T.xW.$....52...T.o..mSL_~.L.FM....W.z.I.]....)..e.....A..$..xH...Td...0i..."...0X....PK..X..~........PK.........n/Q............7...classes/java/lang/instrument/ClassFileTransformer.class.S.n.@.=.8.M.n..b^-/..G..

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\java.logging.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	113725
Entropy (8bit):	7.928841651831531
Encrypted:	false
SSDEEP:	3072:6jB5A+VPT8IdtpHAUfEzhLpIrxbt2rlnH6:6ZRTPHgU2pItshH6
MD5:	3A03EF8F05A2D0472AE865D9457DAB32
SHA1:	7204170A08115A16A50D5A06C3DE7B0ADB6113B1
SHA-256:	584D15427F5B0AC0CE4BE4CAA2B3FC25030A0CF292F890C6D3F35836BC97FA6D
SHA-512:	1702C6231DAAB27700160B271C3D6171387F89DA0A97A3725B4B9D404C94713CB09BA175DE8E78A8F0CBD8DD0DD73836A38C59CE8D1BD38B4F57771CF9536E77
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.classuQ.N.1.=W......n\1.D.5$&....T...2%....\..~..3(......9.6...o....%..:L...x.=..p..L.......".Gm........Z9.R+...}x..$.Y,,..-..z..{.v.K..:9m[.dl....Q#t..F$:5c..h..^x".8 \N..A!....O....@.0.Z....p]......0_(.mB...=.J..<.k"4....g<......M$,....:Kz\|..^.........8q..{...}.G....p.S.W...l.M.....PK..R...).......PK.........n/Q................classes/java/util/logging/ConsoleHandler.class}S[o.A...KW..jk.....jy...K.b.R.mH\|.......2.K....h...G..,..K...s..r......7....d.u....C...y3..j..2...1..!wx..2T:.T...b.^..`.D[...0....n.cXy#C..e...=.E.....]..%L..<x.....W........z..u.s..a.e..Zq..-.E@n.!..)....F...\.E...<...[.;W..t.i%.mT".w.x..(.m,...r.....tZ..vPepFI_...D..b..0.U...S;....XP.@..C.#Cq..}aNy_..ZG...q#m<;..g2b.]"..Y.....[7."+..#"wOtb..-..."..@..(.>Y0......C.h...?.~..8A.Mp.....N....Z$ .E...."o.E.uz3;..m.P.z.....7...?.'.q>...2mN.gLv...q1..[}..@~..M.....K..sS.....PK....0w........PK.........n/Q............,...classes/ja

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\una_front\java.management.jmod

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Java jmod module version 1.0
Category:	dropped
Size (bytes):	896846
Entropy (8bit):	7.923431656723031
Encrypted:	false
SSDEEP:	12288:3xz+ej0yUGnip25kAyyrAm0G4hcpbLIWFWb4YNlgWUz4u5cnLXlAVz/Q+9Ec8zCU:3cZpcryy8mp4hpSxWUQuV//yDXX
MD5:	C6FBB7D49CAA027010C2A817D80CA77C
SHA1:	4191E275E1154271ABF1E54E85A4FF94F59E7223
SHA-256:	1C8D9EFAEB087AA474AD8416C3C2E0E415B311D43BCCA3B67CBF729065065F09
SHA-512:	FDDC31FA97AF16470EA2F93E3EF206FFB217E4ED8A5C379D69C512652987E345CB977DB84EDA233B190181C6E6E65C173062A93DB3E6BB9EE7E71472C9BBFE34
Malicious:	false
Preview:	JM..PK.........n/Q................classes/module-info.class.S.N.A.=-.............^PQP4F..\|..]{.........S\|...(cu/..i.d.z...[....'.M\|`.M.GrI.).1.4...8...V.b.EE.Rg...zV.K......Os.W.S?.e.GY.Q`.od..d..Zf....2>.B.29.D.3L7...M&....8.;..2...}..n..n.g...S. ?..._V..Q..9mBo0L..~dD.t.c.ric..2r5qLvr..V....Sm..I}.}.a..Od$2e..M.v.m..w....L..s.C.;...#.f..Ln.......5..9.2....5......P......M.$V.\|;...'mw.Vl.2....D..1%.l.a..o...O....!.......h...9V.L.x..?..n]/.6......iVe..{.4.K..s.[....y..\|2....3,`.a.....H69.a.;09.5K.C....a_.G.`Jm...ER......9I.D.n...Wp........%..WI...tf..pg5..SN.8y..Y'.:9....U.pq.....}.]X..aE....^t..x.l...^....m.#.......a."r.l.2..Lf).y.^.h..u....PK....N.i.......PK.........n/Q............0...classes/com/sun/jmx/defaults/JmxProperties.class.UMS#U.=.aH.4.4.....J2...h..6v.L2q.......tS.)F........\.....Y..h2...*...{.......w..8Ha.....p.C.c..C;..^+S...F.0..xNt....J5.$.b.og..9l.g....Q..k......"..I....b....-..^.n..<x..4.$pY.(..,\~.F..0...Z<`X[...(p...u^.

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	639224
Entropy (8bit):	6.219852228773659
Encrypted:	false
SSDEEP:	12288:FgLcjQQPKZZK8aF4yBj3Fnx4DMDO8jalo:FggjQKuyDnxvOYaC
MD5:	01DACEA3CBE5F2557D0816FC64FAE363
SHA1:	566064A9CB1E33DB10681189A45B105CDD504FD4
SHA-256:	B4C96B1E5EEE34871D9AB43BCEE8096089742032C0669DF3C9234941AAC3D502
SHA-512:	C22BFE54894C26C0BD8A99848B33E1B9A9859B3C0C893CB6039F9486562C98AA4CEAB0D28C98C1038BD62160E03961A255B6F8627A7B2BB51B86CC7D6CBA9151
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*...D..D..D.....D.1J...D...@..D...G..D...A..D...E..D..E..D...E..D..E.O.D...A..D...D..D......D.....D...F..D.Rich..D.........PE..d.....-a.........." ...............................................................E..... .....................................................,.......@....p..xK..................`...T.......................(.......................(............................text............................... ..`.rdata..H=.......>..................@..@.data....H... ...@..................@....pdata..xK...p...L...J..............@..@.rsrc...@...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	98224
Entropy (8bit):	6.452201564717313
Encrypted:	false
SSDEEP:	1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
MD5:	F34EB034AA4A9735218686590CBA2E8B
SHA1:	2BC20ACDCB201676B77A66FA7EC6B53FA2644713
SHA-256:	9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
SHA-512:	D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d...%\|.a.........." .........`......p................................................{....`A.........................................B..4....J...............p..X....X...'..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140_1.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37256
Entropy (8bit):	6.297533243519742
Encrypted:	false
SSDEEP:	384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
MD5:	135359D350F72AD4BF716B764D39E749
SHA1:	2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
SHA-256:	34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
SHA-512:	CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D_.O.>...>...>...N...>..RK...>...F^..>...>..1>..RK...>..RK...>..RK...>..RK...>..RK2..>..RK...>..Rich.>..........................PE..d...)\|.a.........." .....:...6......`A....................................................`A.........................................l.......m..x....................n...#......<...(b..T............................b..8............P..X............................text...e9.......:.................. ..`.rdata.. "...P...$...>..............@..@.data... ............b..............@....pdata...............d..............@..@.rsrc................h..............@..@.reloc..<............l..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\w32-pthreads.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	53576
Entropy (8bit):	6.371750593889357
Encrypted:	false
SSDEEP:	1536:ij2SSS5nVoSiH/pOfv3Q3cY37Hx1nI6q:GhSSntiH/pOfvAf3
MD5:	E1EEBD44F9F4B52229D6E54155876056
SHA1:	052CEA514FC3DA5A23DE6541F97CD4D5E9009E58
SHA-256:	D96F2242444A334319B4286403D4BFADAF3F9FCCF390F3DD40BE32FB48CA512A
SHA-512:	235BB9516409A55FE7DDB49B4F3179BDCA406D62FD0EC1345ACDDF032B0F3F111C43FF957D4D09AD683D39449C0FFC4C050B387507FADF5384940BD973DAB159
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*.<.K.o.K.o.K.o.3.o.K.oK7.n.K.oK7so.K.oK7.n.K.oK7.n.K.oK7.n.K.o'9.n.K.o.K.o.K.o,6.n.K.o,6.n.K.o,6qo.K.o.K.o.K.o,6.n.K.oRich.K.o........PE..d....Q............" ...#.b...J.......f............................................../.....`............................................X...(...........................H'......8.......p...........................P...@...............@............................text...ha.......b.................. ..`.rdata..P,...........f..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..8...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\zlib.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	144200
Entropy (8bit):	6.592048391646652
Encrypted:	false
SSDEEP:	1536:GjxOs8gLeu4iSssNiTh9Yks32X3KqVy5SmBolzXfqLROJA0o1ZXMvr7Rn6dheIOI:I34iDsG5vm4bfqFKoDmr7h2MHTtwV6K
MD5:	3A0DBC5701D20AA87BE5680111A47662
SHA1:	BC581374CA1EBE8565DB182AC75FB37413220F03
SHA-256:	D53BC4348AD6355C20F75ED16A2F4F641D24881956A7AE8A0B739C0B50CF8091
SHA-512:	4740945606636C110AB6C365BD1BE6377A2A9AC224DE6A79AA506183472A9AD0641ECC63E5C5219EE8097ADEF6533AB35E2594D6F8A91788347FDA93CDB0440E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...&............P....................................................`... ......................................0..\|....@..8....p..................H'......................................(....................A..p............................text...............................`..`.data...............................@....rdata...W.......X..................@..@.pdata..............................@..@.xdata..............................@..@.bss......... ...........................edata..\|....0......................@..@.idata..8....@......................@....CRT....X....P......................@....tls.........`......................@....rsrc........p......................@....reloc..............................@..B................................................................................................................................

C:\Windows\Installer\3bb6be.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {3BF6D30A-BC85-426B-B103-DC8347D8AFC7}, Number of Words: 10, Subject: Weisx App, Author: Trindo Coorp Sols, Name of Creating Application: Weisx App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Weisx App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jan 7 11:19:39 2025, Last Saved Time/Date: Tue Jan 7 11:19:39 2025, Last Printed: Tue Jan 7 11:19:39 2025, Number of Pages: 450
Category:	dropped
Size (bytes):	60712960
Entropy (8bit):	7.214575990656587
Encrypted:	false
SSDEEP:	1572864:trtVmrjV7eIvnOTZFca8O2bFGNdXQ+Fg:pK4cU2bFGPBFg
MD5:	58861A9449B6B97F78908FCF2F2DD966
SHA1:	E449E7D4B7D13349435606BB4A4010C873A4F03B
SHA-256:	6A9AF7CC73F45BB3161289D467D2A1F9EAB0B404FEB892CBBC606118CF1E359F
SHA-512:	D9442219107CF2BD699A71AC4F7742DD156696151158C0329FCE785D00BC433C6CB202E467E76F9EC67B185E2033FDB9BB1B60118EB88D43D59BC92CCCBFC131
Malicious:	false
Preview:	......................>............................................2..................................................................x...............................................................................................................................................%...&...'...(...)......................................................Z"..."..E#..F#..G#..H#..I#..J#..K#..L#..M#..N#..O#..P#..Q#..R#..S#..T#..U#...+...+...,...,...,...,...,...,...,..-0...0../0..00...2...2...2...2...2...2...2...2..............d...........................8...............B................................................................... ...!..."...#...$...%...&...'...(...)......+...,...-...7.../...0...1...2...3...4...5...6.......9...M...:...;...<...=...>...?...@...A...D...C...J...E...F...G...H...I...X...K...L...e...N...O...P...Q...R...S...T...U...V...W...("..""..Z...[...\...]...^..._...`...a...b...c.......~...f...g...h...i...j...k...l...m...n...o...p...q...r.......t...u...v...w...x...y...z...

C:\Windows\Installer\3bb6c1.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {3BF6D30A-BC85-426B-B103-DC8347D8AFC7}, Number of Words: 10, Subject: Weisx App, Author: Trindo Coorp Sols, Name of Creating Application: Weisx App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Weisx App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jan 7 11:19:39 2025, Last Saved Time/Date: Tue Jan 7 11:19:39 2025, Last Printed: Tue Jan 7 11:19:39 2025, Number of Pages: 450
Category:	dropped
Size (bytes):	60712960
Entropy (8bit):	7.214575990656587
Encrypted:	false
SSDEEP:	1572864:trtVmrjV7eIvnOTZFca8O2bFGNdXQ+Fg:pK4cU2bFGPBFg
MD5:	58861A9449B6B97F78908FCF2F2DD966
SHA1:	E449E7D4B7D13349435606BB4A4010C873A4F03B
SHA-256:	6A9AF7CC73F45BB3161289D467D2A1F9EAB0B404FEB892CBBC606118CF1E359F
SHA-512:	D9442219107CF2BD699A71AC4F7742DD156696151158C0329FCE785D00BC433C6CB202E467E76F9EC67B185E2033FDB9BB1B60118EB88D43D59BC92CCCBFC131
Malicious:	false
Preview:	......................>............................................2..................................................................x...............................................................................................................................................%...&...'...(...)......................................................Z"..."..E#..F#..G#..H#..I#..J#..K#..L#..M#..N#..O#..P#..Q#..R#..S#..T#..U#...+...+...,...,...,...,...,...,...,..-0...0../0..00...2...2...2...2...2...2...2...2..............d...........................8...............B................................................................... ...!..."...#...$...%...&...'...(...)......+...,...-...7.../...0...1...2...3...4...5...6.......9...M...:...;...<...=...>...?...@...A...D...C...J...E...F...G...H...I...X...K...L...e...N...O...P...Q...R...S...T...U...V...W...("..""..Z...[...\...]...^..._...`...a...b...c.......~...f...g...h...i...j...k...l...m...n...o...p...q...r.......t...u...v...w...x...y...z...

C:\Windows\Installer\MSIC0D0.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC18C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC1FB.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC22B.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC26A.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1201504
Entropy (8bit):	6.4557937684843365
Encrypted:	false
SSDEEP:	24576:W4FsQxRqkY1ngOktwC2Tec+4VGWSlnH/YrjPWeTIUGVUrHtAkJMsFUh29BKjxw:D2QxNwCsec+4VGWSlnfYvO3UGVUrHtAg
MD5:	E83D774F643972B8ECCDB3A34DA135C5
SHA1:	A58ECCFB12D723C3460563C5191D604DEF235D15
SHA-256:	D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
SHA-512:	CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............@G..@G..@G.yCF..@G.yEF..@G.\|CF..@G.\|DF..@G.\|EF..@G.yDF..@G.yAF..@G..AG..@G.}IF..@G.}@F..@G.}.G..@G...G..@G.}BF..@GRich..@G........PE..L...'.$g.........."!...).~..........Pq.......................................`......0.....@A........................ ...t...............................`=.......l......p........................... ...@...............L............................text...J}.......~.................. ..`.rdata...;.......<..................@..@.data...............................@....fptable............................@....rsrc...............................@..@.reloc...l.......n..................@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC29A.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIC2CA.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608727172078022
Encrypted:	false
SSDEEP:	24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
MD5:	EE09D6A1BB908B42C05FD0BEEB67DFD2
SHA1:	1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
SHA-256:	7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
SHA-512:	2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIE046.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	380520
Entropy (8bit):	6.512348002260683
Encrypted:	false
SSDEEP:	6144:ZSXJmYiFGLzkhEFeCPGi5B8dZ6t+6bUSfcqKgAST:ZSXJ9khElPGvcttbxpAST
MD5:	FFDAACB43C074A8CB9A608C612D7540B
SHA1:	8F054A7F77853DE365A7763D93933660E6E1A890
SHA-256:	7484797EA4480BC71509FA28B16E607F82323E05C44F59FFA65DB3826ED1B388
SHA-512:	A9BD31377F7A6ECF75B1D90648847CB83D8BD65AD0B408C4F8DE6EB50764EEF1402E7ACDFF375B7C3B07AC9F94184BD399A10A22418DB474908B5E7A1ADFE263
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^..?{..?{..?{..x..?{..~..?{...x..?{......?{...~..?{.....?{..z..?{..?z..>{..r..?{..{..?{....?{..?.?{..y..?{.Rich.?{.........PE..L...>.$g.........."!...)..................... .......................................'....@A........................@3..X....3.......... ...............h:.......6..@...p...............................@............ ..(............................text...J........................... ..`.rdata...$... ...&..................@..@.data....!...P......................@....fptable.............@..............@....rsrc... ............B..............@..@.reloc...6.......8...\..............@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIE632.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	215336
Entropy (8bit):	4.945736341384881
Encrypted:	false
SSDEEP:	1536:zLG9WT81Z0Ceau0a/r3NLZZOjjDcC7uFFy9Z8YJNs9Z7E9ykir:zK9r1Z0vZXJZYDFufyXbJNCcw
MD5:	76D11F0BE2E1FAFC919F1D1E33581423
SHA1:	BC8A74D5B64AC4047E7DC18E08A6538A8D07D224
SHA-256:	D481391F45369E5B9EAE3412A5ABBD5C407D50C753BE9125708AEBE454462589
SHA-512:	5BBF3F8CE2368A5B67E398042CAA345123F11E2AD24FF6527723963D6E92EC62B1B1E5B17E32D574239DC46353A942C89C4F1F64996674274187AA6D1EB7E43B
Malicious:	false
Preview:	...@IXOS.@.....@.K'Z.@.....@.....@.....@.....@.....@......&.{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}..Weisx App..setup.msi.@.....@.....@.....@......icon_24.exe..&.{3BF6D30A-BC85-426B-B103-DC8347D8AFC7}.....@.....@.....@.....@.......@.....@.....@.......@......Weisx App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@3....@.....@.]....&.{F39C344E-A83E-4760-8DA8-F27602095B4F}<.C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\.@.......@.....@.....@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}0.21:\Software\Trindo Coorp Sols\Weisx App\Version.@.......@.....@.....@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}E.C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\utest.dll.@.......@.....@.....@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}L.C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\vcruntime140.dll.@.......@.....@.....@......&.{FDDB96EE-847D-4B2

C:\Windows\Installer\MSIE643.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	787808
Entropy (8bit):	6.693392695195763
Encrypted:	false
SSDEEP:	24576:aE33f8zyjmfyY43pNRmkL7mh0lhSMXlEeGXDMGz+:L3fSyjmfyY43pNRp7T0eGwGz+
MD5:	8CF47242B5DF6A7F6D2D7AF9CC3A7921
SHA1:	B51595A8A113CF889B0D1DD4B04DF16B3E18F318
SHA-256:	CCB57BDBB19E1AEB2C8DD3845CDC53880C1979284E7B26A1D8AE73BBEAF25474
SHA-512:	748C4767D258BFA6AD2664AA05EF7DC16F2D204FAE40530430EF5D1F38C8F61F074C6EC6501489053195B6B6F6E02D29FDE970D74C6AE97649D8FE1FD342A288
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............m..m..m.'n..m.'h.q.m.'i..m.."i..m.."n..m.."h..m.'l..m..l..m.#d..m.#m..m.#...m.....m.#o..m.Rich.m.........PE..L.....$g.........."!...).....4............................................... ............@A........................@J.......J..........................`=......4`...~..p........................... ~..@............................................text............................... ..`.rdata..Z...........................@..@.data...D-...`.......B..............@....fptable.............^..............@....rsrc................`..............@..@.reloc..4`.......b...f..............@..B........................................................................................................................................................................................................................................................

C:\Windows\Installer\SourceHash{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1624802553798197
Encrypted:	false
SSDEEP:	12:JSbX72FjTKAGiLIlHVRpMh/7777777777777777777777777vDHFGVQHClp3Xl0G:J5KQI5c2QHm6F
MD5:	16C88638480B66A4E2FAE91154AB886D
SHA1:	77D83747EB2C292B5DCB960261B2BFEBE9802752
SHA-256:	F5A5401058783435392248E4199FB923319786A04E9C01FEE87D4CF339797993
SHA-512:	6257C29BF07CCA7F1A73E1614F7AE9FEDD5A36916C7A282411CC0FE1D843F798DE8068FA4AC4C203F2461FD33193599CD5BDA8F0C95642F7C125FDEA30A462CE
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5698059082618077
Encrypted:	false
SSDEEP:	48:e8Ph4uRc06WXJ8FT5y4JC2O4U88MoAErCy04SBtZXdkSB0T/s:Rh41fFT38oUkwCUuX6S
MD5:	B0E38A8016F19D54E34957F89AC1A464
SHA1:	A37AC129D47D5506A9E401AED47BCBF7375284A3
SHA-256:	DE0665F6EF786A24AC5650D1CC2B2C91D9FABE7EA58B209BD87F517834C72850
SHA-512:	ED0460F75CCCA8B75AD0AC6C8CAA07EA9A7E4B2537A3B9A7F93974D5D4ED27AFF57252562C402C9C27C41D93228EDAF863ED3B61087988D1BC9E843C4C4D98D3
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	364484
Entropy (8bit):	5.365500208711396
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauz:zTtbmkExhMJCIpEo
MD5:	4804BEC98E5D6A0528D165F209E4BBAE
SHA1:	06A3977910D5DD33D93138A0552E49D055D53455
SHA-256:	A5237C52F6CF5E1F7F946452BC4E7B453AC311234CD24D4BE532132F96724392
SHA-512:	C3D810E4AF368B27FB5A20B69CB763723D66BDBD3E5B610DDFD5338164A443AE2A7B9B3821996E0F09943C40797AC7C61940A8B54E23A1985F2342DBF825AD86
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF0DAF3B847C71C237.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.13920954325257118
Encrypted:	false
SSDEEP:	48:068T1kSBi8MoAErCy04SBtZX0o4228R4:0G5wCUuX0H2G
MD5:	A2920EB4E8A3E0570481703F82A32130
SHA1:	4DBF8E86BF7557F35C1F33A2701449C797DCDE2B
SHA-256:	65BC0FE945CB14300DBB353F43EA01B71391ECCAC0006E8AE755F29C3D9EE299
SHA-512:	B6FBBCB7FCCC188C5BDA96424B785F8EA6863B8C6AF82FDF1EF0FDE7D3F8E8BA1BAE33FC7A418CE91FD2414547DF132BE7EA6CD65A829E6FB78681D967C9AE6B
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF134BE8028D3ED3FF.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.257132104303825
Encrypted:	false
SSDEEP:	48:wXwu+O+CFXJxT5E44JC2O4U88MoAErCy04SBtZXdkSB0T/s:OwsJTuX8oUkwCUuX6S
MD5:	A8334267A6463B5928A6E658ECE02F88
SHA1:	DC65D8624C8D55DB7EC9B0CCA5BC6A65270C9AF8
SHA-256:	69B95BBB7748C0B2F88E17F57A81DE9CAE8932B03B6C523E125F9DDC341CB407
SHA-512:	A5B0FF4197005B0A0F7D4049672522E32505625E9F74CF35653D61E6A4FCCE9091B1FF44DD28D99A7ADE8046A58115399091508A9FF72785E815832EAFA4AAA4
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF347E402405F20574.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.257132104303825
Encrypted:	false
SSDEEP:	48:wXwu+O+CFXJxT5E44JC2O4U88MoAErCy04SBtZXdkSB0T/s:OwsJTuX8oUkwCUuX6S
MD5:	A8334267A6463B5928A6E658ECE02F88
SHA1:	DC65D8624C8D55DB7EC9B0CCA5BC6A65270C9AF8
SHA-256:	69B95BBB7748C0B2F88E17F57A81DE9CAE8932B03B6C523E125F9DDC341CB407
SHA-512:	A5B0FF4197005B0A0F7D4049672522E32505625E9F74CF35653D61E6A4FCCE9091B1FF44DD28D99A7ADE8046A58115399091508A9FF72785E815832EAFA4AAA4
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF439EAFEF1644FACF.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF59DB3FDF680CF148.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5698059082618077
Encrypted:	false
SSDEEP:	48:e8Ph4uRc06WXJ8FT5y4JC2O4U88MoAErCy04SBtZXdkSB0T/s:Rh41fFT38oUkwCUuX6S
MD5:	B0E38A8016F19D54E34957F89AC1A464
SHA1:	A37AC129D47D5506A9E401AED47BCBF7375284A3
SHA-256:	DE0665F6EF786A24AC5650D1CC2B2C91D9FABE7EA58B209BD87F517834C72850
SHA-512:	ED0460F75CCCA8B75AD0AC6C8CAA07EA9A7E4B2537A3B9A7F93974D5D4ED27AFF57252562C402C9C27C41D93228EDAF863ED3B61087988D1BC9E843C4C4D98D3
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5D2180E6FCE18F6A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5EA36FDB2D236966.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF6D69FDDEF56EA8F6.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.06923730785630439
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOGWGZ+xHD2GyVky6l3X:2F0i8n0itFzDHFGVQHCE3X
MD5:	DB37B9E654D4BD28F730511EB5B673C2
SHA1:	CA12E39967E4DEF2EE67567C6DB70D6A099A062E
SHA-256:	3B83EBA1F7FABD2981C469792D0B37345C563EFC780A172B059C90B500962C55
SHA-512:	A7151E79461A705A1E3274C3FB594F52375E9949919EDB30BC638521A97D987CCEADB4F96C8CF503D57A94F910AD39298934E1018F360D798BEAD754CFEFBF92
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFA108D8B3F12FF3D4.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFD5153D0EB6ECD7E6.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5698059082618077
Encrypted:	false
SSDEEP:	48:e8Ph4uRc06WXJ8FT5y4JC2O4U88MoAErCy04SBtZXdkSB0T/s:Rh41fFT38oUkwCUuX6S
MD5:	B0E38A8016F19D54E34957F89AC1A464
SHA1:	A37AC129D47D5506A9E401AED47BCBF7375284A3
SHA-256:	DE0665F6EF786A24AC5650D1CC2B2C91D9FABE7EA58B209BD87F517834C72850
SHA-512:	ED0460F75CCCA8B75AD0AC6C8CAA07EA9A7E4B2537A3B9A7F93974D5D4ED27AFF57252562C402C9C27C41D93228EDAF863ED3B61087988D1BC9E843C4C4D98D3
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE0FDF1A28102C6B1.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE7F2C115EB2BB4FB.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.257132104303825
Encrypted:	false
SSDEEP:	48:wXwu+O+CFXJxT5E44JC2O4U88MoAErCy04SBtZXdkSB0T/s:OwsJTuX8oUkwCUuX6S
MD5:	A8334267A6463B5928A6E658ECE02F88
SHA1:	DC65D8624C8D55DB7EC9B0CCA5BC6A65270C9AF8
SHA-256:	69B95BBB7748C0B2F88E17F57A81DE9CAE8932B03B6C523E125F9DDC341CB407
SHA-512:	A5B0FF4197005B0A0F7D4049672522E32505625E9F74CF35653D61E6A4FCCE9091B1FF44DD28D99A7ADE8046A58115399091508A9FF72785E815832EAFA4AAA4
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	638
Entropy (8bit):	4.751962275036146
Encrypted:	false
SSDEEP:	12:ku/L92WF4gx9l+jsPczo/CdaD0gwiSrlEX6OPkRVdoaQLeU4wv:ku/h5F4Bs0oCdalwisCkRVKVeU4wv
MD5:	15CA959638E74EEC47E0830B90D0696E
SHA1:	E836936738DCB6C551B6B76054F834CFB8CC53E5
SHA-256:	57F2C730C98D62D6C84B693294F6191FD2BEC7D7563AD9963A96AE87ABEBF9EE
SHA-512:	101390C5D2FA93162804B589376CF1E4A1A3DD4BDF4B6FE26D807AFC3FF80DA26EE3BAEB731D297A482165DE7CA48508D6EAA69A5509168E9CEF20B4A88A49FD
Malicious:	false
Preview:	[createdump] createdump [options] pid..-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values:.. %p PID of dumped process... %e The process executable filename... %h Hostname return by gethostname()... %t Time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)...-n, --normal - create minidump...-h, --withheap - create minidump with heap (default)...-t, --triage - create triage minidump...-u, --full - create full core dump...-d, --diag - enable diagnostic messages...-v, --verbose - enable verbose diagnostic messages...

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {3BF6D30A-BC85-426B-B103-DC8347D8AFC7}, Number of Words: 10, Subject: Weisx App, Author: Trindo Coorp Sols, Name of Creating Application: Weisx App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Weisx App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Jan 7 11:19:39 2025, Last Saved Time/Date: Tue Jan 7 11:19:39 2025, Last Printed: Tue Jan 7 11:19:39 2025, Number of Pages: 450
Entropy (8bit):	7.214575990656587
TrID:	Windows SDK Setup Transform Script (63028/2) 88.73% Generic OLE2 / Multistream Compound File (8008/1) 11.27%
File name:	setup.msi
File size:	60'712'960 bytes
MD5:	58861a9449b6b97f78908fcf2f2dd966
SHA1:	e449e7d4b7d13349435606bb4a4010c873a4f03b
SHA256:	6a9af7cc73f45bb3161289d467d2a1f9eab0b404feb892cbbc606118cf1e359f
SHA512:	d9442219107cf2bd699a71ac4f7742dd156696151158c0329fce785d00bc433c6cb202e467e76f9ec67b185e2033fdb9bb1b60118eb88d43d59bc92cccbfc131
SSDEEP:	1572864:trtVmrjV7eIvnOTZFca8O2bFGNdXQ+Fg:pK4cU2bFGPBFg
TLSH:	F5D76C01B3FA4148F2F75EB17EBA85A5947ABD521B30C0EF1244A60E1B71BC25BB1763
File Content Preview:	........................>............................................2..................................................................x......................................................................................................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-07T15:24:13.747157+0100	2829202	ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA	1	192.168.2.5	49704	188.114.97.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 15:24:13.197601080 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:13.197635889 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:13.197710037 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:13.200290918 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:13.200313091 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:13.671418905 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:13.671518087 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:13.739861965 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:13.739907026 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:13.740269899 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:13.740329027 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:13.746943951 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:13.747014046 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:13.747065067 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:14.173974037 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:14.174057007 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:14.174108982 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:14.174139023 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:14.174640894 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:14.174666882 CET	443	49704	188.114.97.3	192.168.2.5
Jan 7, 2025 15:24:14.174683094 CET	49704	443	192.168.2.5	188.114.97.3
Jan 7, 2025 15:24:14.175712109 CET	49704	443	192.168.2.5	188.114.97.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 15:24:13.180075884 CET	54788	53	192.168.2.5	1.1.1.1
Jan 7, 2025 15:24:13.188497066 CET	53	54788	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 15:24:13.180075884 CET	192.168.2.5	1.1.1.1	0x9e85	Standard query (0)	junewiener.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 15:24:13.188497066 CET	1.1.1.1	192.168.2.5	0x9e85	No error (0)	junewiener.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Jan 7, 2025 15:24:13.188497066 CET	1.1.1.1	192.168.2.5	0x9e85	No error (0)	junewiener.com		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

junewiener.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	188.114.97.3	443	3724	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 14:24:13 UTC	193	OUT	POST /updater2.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvancedInstaller Host: junewiener.com Content-Length: 71 Cache-Control: no-cache
2025-01-07 14:24:13 UTC	71	OUT	Data Raw: 44 61 74 65 3d 30 37 25 32 46 30 31 25 32 46 32 30 32 35 26 54 69 6d 65 3d 30 39 25 33 41 32 34 25 33 41 31 32 26 42 75 69 6c 64 56 65 72 73 69 6f 6e 3d 38 2e 39 2e 39 26 53 6f 72 6f 71 56 69 6e 73 3d 54 72 75 65 Data Ascii: Date=07%2F01%2F2025&Time=09%3A24%3A12&BuildVersion=8.9.9&SoroqVins=True
2025-01-07 14:24:14 UTC	835	IN	HTTP/1.1 500 Internal Server Error Date: Tue, 07 Jan 2025 14:24:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-store cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hj1jLU8SBGJ9Bjc%2BFKWd1FJO55oj%2FT3B4MmfFKUCWInTtyd44d8oy8t0qaJL%2Bwi3aF5lbO7xM%2Bl8NJItMGNJVwvS1tYb8ihsQhH5TTDoiW6CommOw6mDQ07hJX4nFgsqPA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fe49c3639fd436a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1607&rtt_var=611&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2834&recv_bytes=924&delivery_rate=1779402&cwnd=184&unsent_bytes=0&cid=a7a08b4e93541d5a&ts=515&x=0"
2025-01-07 14:24:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	09:24:01
Start date:	07/01/2025
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
Imagebase:	0x7ff70dac0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	09:24:01
Start date:	07/01/2025
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff70dac0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:24:04
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 069AFA2E2F0926607807BC15BBC43494
Imagebase:	0x1a0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	09:24:13
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE6E9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE6D6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE6D7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE6D8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Imagebase:	0x850000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	09:24:13
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	09:24:20
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\suriqk.bat" "C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe""
Imagebase:	0x7ff7bf270000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	09:24:20
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\createdump.exe"
Imagebase:	0x7ff78acb0000
File size:	57'488 bytes
MD5 hash:	71F796B486C7FAF25B9B16233A7CE0CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	09:24:21
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	09:24:21
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	09:24:21
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\obs-ffmpeg-mux.exe"
Imagebase:	0x7ff6129e0000
File size:	35'656 bytes
MD5 hash:	D3CAC4D7B35BACAE314F48C374452D71
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	09:24:21
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 06D11B50 Relevance: 4.0, Strings: 3, Instructions: 207COMMON

Download Yara Rule

Strings

$]q, xrefs: 06D11C3E
$]q, xrefs: 06D11BEB
$]q, xrefs: 06D11C32

Memory Dump Source

Source File: 00000004.00000002.2163885709.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6d10000_powershell.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q
API String ID: 0-182748909
Opcode ID: afb6c7ab79bc21a9727166a94b3131f18ceec9f849d5ba6d01c7475dd723f998
Instruction ID: 7daf0590557a43dea34f640187dd7dd441f2a2c84eebbcece15e3e4418d6bbab
Opcode Fuzzy Hash: afb6c7ab79bc21a9727166a94b3131f18ceec9f849d5ba6d01c7475dd723f998
Instruction Fuzzy Hash: B6614730B04248AFDB659F68ED406AABBF7EF85210F14847AEA45CF251DB75CC41C7A1

Function 06D11B34 Relevance: 2.6, Strings: 2, Instructions: 102COMMON

Download Yara Rule

Strings

$]q, xrefs: 06D11BEB
$]q, xrefs: 06D11C32

Memory Dump Source

Source File: 00000004.00000002.2163885709.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6d10000_powershell.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: f4826f67a46ccf3ee341da2d5d0cd2f615572c7d9f8685d93be8b804024403b7
Instruction ID: 47f502ac83a6776f589fec22272ece6d41630ad1d5c1cf5e26a86a45af66b304
Opcode Fuzzy Hash: f4826f67a46ccf3ee341da2d5d0cd2f615572c7d9f8685d93be8b804024403b7
Instruction Fuzzy Hash: 7731B230A04209EFDBA4CF15F984AA9BBF2EF81250F1880B6D6498F251E3B1C941CB90

Function 008336B0 Relevance: .6, Instructions: 627COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2160105441.0000000000830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_830000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b65d88d7a70871d32660c0597d07dd662bd598b63030c2bd2a789cd41344046
Instruction ID: a3ada707166b42c3d63bab4ad7094709041d35f557471f926ffa21cbcc508414
Opcode Fuzzy Hash: 2b65d88d7a70871d32660c0597d07dd662bd598b63030c2bd2a789cd41344046
Instruction Fuzzy Hash: E0328F706043449FC716CF28D490AAABBF2FF89304F158599D886CB7A6CB35ED46CB91

Function 00838478 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2160105441.0000000000830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_830000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36d19c5e8fce713e22b8492657309b0b356ee4a7a0c658bf4a4f2f9d69ae3be8
Instruction ID: 1347500fc30838982f0bbc77cada78c688a10041fa236738d1975c63d088abec
Opcode Fuzzy Hash: 36d19c5e8fce713e22b8492657309b0b356ee4a7a0c658bf4a4f2f9d69ae3be8
Instruction Fuzzy Hash: BBA14B35A00348CFDB14DFA4D944AADBBB6FFC4310F258568E806EB265DB74AD49CB81

Function 00838BC8 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2160105441.0000000000830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_830000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bb575a19989999daceeeae0a464cfb10e3ce592b86194f3c589d12507344185
Instruction ID: 2695d4817841d2ca1cdb4fd2cbc378f7f9e9bb668829d716751059f44fc07cde
Opcode Fuzzy Hash: 7bb575a19989999daceeeae0a464cfb10e3ce592b86194f3c589d12507344185
Instruction Fuzzy Hash: 4071C230A00709CFCB14DF68D884A9EBBF6FF85314F148569E409DB261DB75AC46CB90

Function 00838D36 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2160105441.0000000000830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_830000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 399fabca14e2d94675588f3774a63b458857615f06672748f7d8e48fd43f4a56
Instruction ID: d78aa0e653808444a98f515f1515d889b65dd3c778be8f2a442af2c73661391c
Opcode Fuzzy Hash: 399fabca14e2d94675588f3774a63b458857615f06672748f7d8e48fd43f4a56
Instruction Fuzzy Hash: 28714170A00248DFDB14DFA4D444AADBBF6FF84344F258429E416EB2A1DF74AD4ACB91

Function 00838959 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2160105441.0000000000830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_830000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b47f2d159b4eb3f10a0f76f7fd1b77ccb10943f7304a766abe0d00e64d3278
Instruction ID: e3eceea8893a0783fd7a089bdf6b1c9599dd911b1d7070576fa635245847fbef
Opcode Fuzzy Hash: 02b47f2d159b4eb3f10a0f76f7fd1b77ccb10943f7304a766abe0d00e64d3278
Instruction Fuzzy Hash: 05519D31644345CFDB149B24C858AAEBBB6FF89750F284469E406EB3A1CF78AC45CBD4

Function 00838BB3 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2160105441.0000000000830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_830000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3627faaae562e27738d6bbf07c0bb12e67db633c9f1a5c6b26f0523f184c01c
Instruction ID: b4303443659c771e7d69fdb6ec2ccaa45bfe9825e3c938885d8f1156e64bd7bc
Opcode Fuzzy Hash: c3627faaae562e27738d6bbf07c0bb12e67db633c9f1a5c6b26f0523f184c01c
Instruction Fuzzy Hash: 42415D70A00308CFDB58DFA5C88469DBBF6FF85340F158469E005AB2A1DFB4AC49CB90

Function 00833D10 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2160105441.0000000000830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_830000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9785376b08e117b7cd03bff78b77e8054103f75e4ca1f46b3f197fa341af15b4
Instruction ID: c8d18726e864dddc541536e0e413bd2e45cab28e0ea369aabf6830aad1aaf5b3
Opcode Fuzzy Hash: 9785376b08e117b7cd03bff78b77e8054103f75e4ca1f46b3f197fa341af15b4
Instruction Fuzzy Hash: 68412674A005099FCB0ACF59C5949EAFBB1FF88310F118259D955AB364C736FE91CBA0

Function 0075D005 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2159892643.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_75d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ee63e1c6606a6f1502675c7a7933087233c10e75342ddde0122c05d65d8ec9e
Instruction ID: b9e6bbb01163f145d46392eda0d705ec8b93cf39e196fd894954739557413212
Opcode Fuzzy Hash: 7ee63e1c6606a6f1502675c7a7933087233c10e75342ddde0122c05d65d8ec9e
Instruction Fuzzy Hash: 2E016D6100D3C09FE7228B258C84692BFA8EF53225F0985DBED888F297C2AD5C49C771

Function 0075D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2159892643.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_75d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d4e0b7bc75af8b5ce7b3ea7fc8e8ce4369451ab1cc889b762f4ab085947a4e1
Instruction ID: 4d1853d8149b78176f7a4a9563f0460b278120eb6fe8a17d564eaff51b3bc154
Opcode Fuzzy Hash: 3d4e0b7bc75af8b5ce7b3ea7fc8e8ce4369451ab1cc889b762f4ab085947a4e1
Instruction Fuzzy Hash: 8C01A7715053449AE7308A59CD84BA7BF98EF46326F18C529ED4C4A286C2BD9C4AC6B1

Function 008388ED Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2160105441.0000000000830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_830000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57d275e7183b7bdae837c74c519bdfb94cbba684953ac9530457b7bc07ea6f38
Instruction ID: 9df71e8e4b61ea4fba0dd2bc93f1773debbbcc85147a53f30d712f042194e0a6
Opcode Fuzzy Hash: 57d275e7183b7bdae837c74c519bdfb94cbba684953ac9530457b7bc07ea6f38
Instruction Fuzzy Hash: 5DF01C30A4020ACFDB04DBA4D595B6E7BA2EF80344F108914E5069F3A8DB789D49CBC0

Non-executed Functions

Function 06D10898 Relevance: 10.2, Strings: 8, Instructions: 183COMMON

Download Yara Rule

Strings

$]q, xrefs: 06D1091D
$]q, xrefs: 06D108EF
$]q, xrefs: 06D10A62
$]q, xrefs: 06D10A56
$]q, xrefs: 06D10A3E
4']q, xrefs: 06D10947
4']q, xrefs: 06D10953
$]q, xrefs: 06D10929

Memory Dump Source

Source File: 00000004.00000002.2163885709.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6d10000_powershell.jbxd

Similarity

API ID:
String ID: 4']q$4']q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-3118171705
Opcode ID: 96b4cd734fa122cf80d9e776484c8aaf726a75c3c1a5cdbebfc909a732314f7b
Instruction ID: 8b1981017201a66dec300cca06a07fac35e405e752cd7b62c98703c3d7a466ae
Opcode Fuzzy Hash: 96b4cd734fa122cf80d9e776484c8aaf726a75c3c1a5cdbebfc909a732314f7b
Instruction Fuzzy Hash: 8D515D31B04305EFDB656B39A420AAABBB6EFC5210B18847BD985CF241DE75C885C791

Function 06D10E88 Relevance: 6.3, Strings: 5, Instructions: 79COMMON

Download Yara Rule

Strings

$]q, xrefs: 06D10F0C
4Vk, xrefs: 06D10F3E
$]q, xrefs: 06D10F00
4Vk, xrefs: 06D10F30
$]q, xrefs: 06D10ECB

Memory Dump Source

Source File: 00000004.00000002.2163885709.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6d10000_powershell.jbxd

Similarity

API ID:
String ID: 4Vk$4Vk$$]q$$]q$$]q
API String ID: 0-620663819
Opcode ID: a14476a58e3a17e47e49fffbb1689365dbd202d95b1daec629e0f18e04ffd5e2
Instruction ID: 5abf48a943aae501e4275e5cfaaadc05cb13107d40a2d09c3c026faa463e5404
Opcode Fuzzy Hash: a14476a58e3a17e47e49fffbb1689365dbd202d95b1daec629e0f18e04ffd5e2
Instruction Fuzzy Hash: 36115B71314205ABEB74666E781177B77DA8FC0650714843AE955CF282DF76C882C3B5

Function 06D104D0 Relevance: 5.0, Strings: 4, Instructions: 48COMMON

Download Yara Rule

Strings

$]q, xrefs: 06D10526
$]q, xrefs: 06D1051A
4']q, xrefs: 06D1053B
4']q, xrefs: 06D10547

Memory Dump Source

Source File: 00000004.00000002.2163885709.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6d10000_powershell.jbxd

Similarity

API ID:
String ID: 4']q$4']q$$]q$$]q
API String ID: 0-978391646
Opcode ID: c5477a276f6627b5067412e2e14922ccaa4f7da6a34ed6c7fe69f9ff1b2ed4cb
Instruction ID: fa30d5dded7fed7d832d8a148a855a1dafc7a1e150e2a36b766fc4e0fefa18f4
Opcode Fuzzy Hash: c5477a276f6627b5067412e2e14922ccaa4f7da6a34ed6c7fe69f9ff1b2ed4cb
Instruction Fuzzy Hash: 0601D220B0E3C45FE76B272828201657FB65F8265032A04D7C4C5DF2A7CD698C45C3A6

Analysis Process: createdump.exePID: 5560, Parent PID: 4796COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.7%
Total number of Nodes:	700
Total number of Limit Nodes:	1

Executed Functions

Function 00007FF78ACB1060 Relevance: 65.0, APIs: 13, Strings: 24, Instructions: 214
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF78ACB112F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF78ACB115B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF78ACB1187
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF78ACB1230
atoi.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF78ACB123C
GetTempPathA.KERNEL32 ref: 00007FF78ACB12C1
GetLastError.KERNEL32 ref: 00007FF78ACB12CB
GetLastError.KERNEL32 ref: 00007FF78ACB12DF
strcat_s.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF78ACB12F8
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1350
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1359
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1364
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB136D

Strings

-, xrefs: 00007FF78ACB1168
triage minidump, xrefs: 00007FF78ACB1247
--diag, xrefs: 00007FF78ACB11EF
minidump with heap, xrefs: 00007FF78ACB107C, 00007FF78ACB10BF
-, xrefs: 00007FF78ACB1110
Dump successfully written, xrefs: 00007FF78ACB1338
strcat_s failed (%d), xrefs: 00007FF78ACB1306
GetTempPath failed (0x%08x), xrefs: 00007FF78ACB12D3
--verbose, xrefs: 00007FF78ACB1226
--normal, xrefs: 00007FF78ACB1125
-, xrefs: 00007FF78ACB10DC
full dump, xrefs: 00007FF78ACB11C3
--withheap, xrefs: 00007FF78ACB1151
-, xrefs: 00007FF78ACB1215
createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn, xrefs: 00007FF78ACB1386
--full, xrefs: 00007FF78ACB11A8
minidump, xrefs: 00007FF78ACB1267
--name, xrefs: 00007FF78ACB10B8
-, xrefs: 00007FF78ACB1194
-, xrefs: 00007FF78ACB113C
--triage, xrefs: 00007FF78ACB117D
v, xrefs: 00007FF78ACB121A
dump.%p.dmp, xrefs: 00007FF78ACB12E9
-, xrefs: 00007FF78ACB11D7

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: strcmp$ErrorLast__acrt_iob_funcfflush$PathTempatoistrcat_s
String ID: -$-$-$-$-$-$-$--diag$--full$--name$--normal$--triage$--verbose$--withheap$Dump successfully written$GetTempPath failed (0x%08x)$createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn$dump.%p.dmp$full dump$minidump$minidump with heap$strcat_s failed (%d)$triage minidump$v
API String ID: 2647627392-2367407095
Opcode ID: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
Instruction ID: 94c2903b4050b4ee39254cc4c9fec6ebadfb0cf471041ffb4d16bb43b075bb03
Opcode Fuzzy Hash: 3e8843d71ddd811f5735ae345386871f6517bdd5673e2455e3aa9b185965a2cd
Instruction Fuzzy Hash: 48A1A062D0E782B5FB61AF21E4002B9E7E4FB56754FA841B1C94E42295DF3EE846C321

Function 00007FF78ACB27EC Relevance: 13.6, APIs: 9, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF78ACB2800

Part of subcall function 00007FF78ACB2B8C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF78ACB2BAE

__scrt_release_startup_lock.LIBCMT ref: 00007FF78ACB2883
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB28D1
_get_initial_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB28D6
__p___argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB28DE
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB28E6
__scrt_is_managed_app.LIBCMT ref: 00007FF78ACB28FA
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB2908
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB2962

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: __p___argc__p___argv__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
String ID:
API String ID: 2308368977-0
Opcode ID: 5a9b20bb9eaae0def914decdfc47a4fcc48693c8541f2657ef11ecffac799aa6
Instruction ID: 27e724b534518cbd3a624f170f159f2d725b3ba5ac70035b71d9f64a68322836
Opcode Fuzzy Hash: 5a9b20bb9eaae0def914decdfc47a4fcc48693c8541f2657ef11ecffac799aa6
Instruction Fuzzy Hash: 53312621E0A342A1FB14BB25D4113BAA290BF44784FE410B4EA0D076E3CF2FA847C371

Function 00007FF78ACB1450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1475
fprintf.MSPDB140-MSVCRT ref: 00007FF78ACB1485

Part of subcall function 00007FF78ACB1010: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1047

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1494
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14B3
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14BE
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14C7

Strings

[createdump] , xrefs: 00007FF78ACB147E

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
String ID: [createdump]
API String ID: 3735572767-2657508301
Opcode ID: f7b41b5d75985a22341ebafe60962d777547180dfe076665e84a48d8af4ee52e
Instruction ID: fd210d26f5c23bd0a1cbf969e6e149cd0560476139b44b94d232a326391f7364
Opcode Fuzzy Hash: f7b41b5d75985a22341ebafe60962d777547180dfe076665e84a48d8af4ee52e
Instruction Fuzzy Hash: A3016D31A09B81A2F600AB51F81916AE364FF94BD1F904579EE8D037AACF3DD456C711

Non-executed Functions

Function 00007FF78ACB2ECC Relevance: 10.6, APIs: 7, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF78ACB2EE8
RtlCaptureContext.KERNEL32 ref: 00007FF78ACB2F15
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF78ACB2F2F
RtlVirtualUnwind.KERNEL32 ref: 00007FF78ACB2F70
IsDebuggerPresent.KERNEL32 ref: 00007FF78ACB2FC4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF78ACB2FE5
UnhandledExceptionFilter.KERNEL32 ref: 00007FF78ACB2FF0

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 92083fc3b2590fb7f42fdf2bff26a09e0be32edceb9cda99800bf26d983c5eac
Instruction ID: 42940bcc7adbef2a54fca6d2b47889fc92f55f6befabe11708f416245dc4435d
Opcode Fuzzy Hash: 92083fc3b2590fb7f42fdf2bff26a09e0be32edceb9cda99800bf26d983c5eac
Instruction Fuzzy Hash: 33316D7260AB8196FB60AF61E8403EAB365FB84744F90403ADA4E47B94DF39C549C720

Function 00007FF78ACB3074 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8a5ce5a61a9accbe9d72245b7862f6c7c599a8b634bc8698eb0ff17e984138
Instruction ID: 70b2a2bf5044c6d365127cc321e243a61b4d4f62184e90d59f3c2743900fa2cb
Opcode Fuzzy Hash: 8c8a5ce5a61a9accbe9d72245b7862f6c7c599a8b634bc8698eb0ff17e984138
Instruction Fuzzy Hash: 14A0023190EE12F0F644AB19FC54131A330FF50340BE005B1D40D415A0DF3EA446C320

Function 00007FF78ACB23C0 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF78ACB242D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF78ACB243B

Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1475
Part of subcall function 00007FF78ACB1450: fprintf.MSPDB140-MSVCRT ref: 00007FF78ACB1485
Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1494
Part of subcall function 00007FF78ACB1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14B3
Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14BE
Part of subcall function 00007FF78ACB1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14C7

K32GetModuleBaseNameA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF78ACB2466
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF78ACB2470
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF78ACB2487
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF78ACB25F3

Strings

Writing %s to file %s, xrefs: 00007FF78ACB24C3
Invalid process id '%d' error %d, xrefs: 00007FF78ACB2447
Write dump FAILED 0x%08x, xrefs: 00007FF78ACB258E
Invalid dump path '%s' error %d, xrefs: 00007FF78ACB252C
Get process name FAILED %d, xrefs: 00007FF78ACB2478

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$ErrorLast$BaseCloseHandleModuleNameOpenProcess__stdio_common_vfprintf_invalid_parameter_noinfo_noreturnfflushfprintf
String ID: Get process name FAILED %d$Invalid dump path '%s' error %d$Invalid process id '%d' error %d$Write dump FAILED 0x%08x$Writing %s to file %s
API String ID: 3971781330-1292085346
Opcode ID: 8ec448eeb6e8f02312a1538d84a3c8dfc991fc7cafdc13e8cd0ded943aea62a7
Instruction ID: 0c8aab48eaae52c278ee6ecdba2ba22301dfff7b8713f8a4e3a01aad39eda22d
Opcode Fuzzy Hash: 8ec448eeb6e8f02312a1538d84a3c8dfc991fc7cafdc13e8cd0ded943aea62a7
Instruction Fuzzy Hash: E1616231A0AB4191FB20EB16F45466AB761FB857D0FE00174EA9E03AA5CF3EE446D720

Function 00007FF78ACB49A4 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 316
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF78ACB4B42
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF78ACB4E65
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB4E7B
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB4E93
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB4E99

Strings

csm, xrefs: 00007FF78ACB4A89
csm, xrefs: 00007FF78ACB4AEB
csm, xrefs: 00007FF78ACB4B69

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: terminate$Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 695522112-393685449
Opcode ID: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
Instruction ID: e5869713e228e5ff61e903f7619b8ced83139e7182626def3a2089f168438e2f
Opcode Fuzzy Hash: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
Instruction Fuzzy Hash: 19E1CF3290DB969AF720AF38D4803ADB7A0FB44748FA40175DA9D47796DF39E482C710

Function 00007FF78ACB13C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB13E5
fprintf.MSPDB140-MSVCRT ref: 00007FF78ACB13F5

Part of subcall function 00007FF78ACB1010: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1047

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1404
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1423
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB142E
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1437

Strings

[createdump] , xrefs: 00007FF78ACB13EE

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
String ID: [createdump]
API String ID: 3735572767-2657508301
Opcode ID: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
Instruction ID: 737317091ce0bc9308d2521a3745d9b48ac93ebd519635779594502bbd14e391
Opcode Fuzzy Hash: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
Instruction Fuzzy Hash: 7D014B31A09B81A2F700AB51F8141AAE364FB94BD1F904175EA8D037A9CF7DD496C751

Function 00007FF78ACB1800 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 00007FF78ACB186C

Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1475
Part of subcall function 00007FF78ACB1450: fprintf.MSPDB140-MSVCRT ref: 00007FF78ACB1485
Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1494
Part of subcall function 00007FF78ACB1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14B3
Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14BE
Part of subcall function 00007FF78ACB1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14C7

Strings

Pipe syntax in dump name not supported, xrefs: 00007FF78ACB1850
--name, xrefs: 00007FF78ACB180A
%%%%%%%%, xrefs: 00007FF78ACB1890
%%%%%%%%, xrefs: 00007FF78ACB1D5C
Invalid dump name format char '%c', xrefs: 00007FF78ACB1DD0

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$Startup__stdio_common_vfprintffflushfprintf
String ID: %%%%%%%%$%%%%%%%%$--name$Invalid dump name format char '%c'$Pipe syntax in dump name not supported
API String ID: 3378602911-3973674938
Opcode ID: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
Instruction ID: 7ca106d8e3c2ac3073711a95163d1ae036bb3d460134d9bf7203bb8a8e8af11c
Opcode Fuzzy Hash: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
Instruction Fuzzy Hash: 22312562E09B80A6F756AF15E8547F9A7A1BB45384FE500B2DE4D07391CF3EE146C320

Function 00007FF78ACB6498 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(00000000,?,00000000,00007FF78ACB669F,?,?,?,00007FF78ACB441E,?,?,?,00007FF78ACB43D9), ref: 00007FF78ACB651D
GetLastError.KERNEL32(?,00000000,00007FF78ACB669F,?,?,?,00007FF78ACB441E,?,?,?,00007FF78ACB43D9,?,?,?,?,00007FF78ACB3524), ref: 00007FF78ACB652B
LoadLibraryExW.KERNEL32(?,00000000,00007FF78ACB669F,?,?,?,00007FF78ACB441E,?,?,?,00007FF78ACB43D9,?,?,?,?,00007FF78ACB3524), ref: 00007FF78ACB6555
FreeLibrary.KERNEL32(?,00000000,00007FF78ACB669F,?,?,?,00007FF78ACB441E,?,?,?,00007FF78ACB43D9,?,?,?,?,00007FF78ACB3524), ref: 00007FF78ACB659B
GetProcAddress.KERNEL32(?,00000000,00007FF78ACB669F,?,?,?,00007FF78ACB441E,?,?,?,00007FF78ACB43D9,?,?,?,?,00007FF78ACB3524), ref: 00007FF78ACB65A7

Strings

api-ms-, xrefs: 00007FF78ACB653D

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
Instruction ID: adb9eaad8f964016b6b7573ec9ddca2867ab1fefbdd84c0d6ca00058f53228f4
Opcode Fuzzy Hash: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
Instruction Fuzzy Hash: 9F31A421A1BB42A1FE11FB12E800575A2D8FF48BA0FA94675DD1D46394EF3DE45AC360

Function 00007FF78ACB1B18 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 149
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF78ACB1B1D

Strings

%%%%%%%%, xrefs: 00007FF78ACB1D5C
Could not get the host name for dump name: %d, xrefs: 00007FF78ACB1DB2

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: _time64
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 1670930206-4114407318
Opcode ID: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
Instruction ID: 3e558b7cc78d36816375bf8b2cdd4029b1273e4878077c6c677c1ae6621f6f60
Opcode Fuzzy Hash: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
Instruction Fuzzy Hash: 97511472A19B8196FB00DF29E4803AEA7A0FB517D0FA00172DA5D17BA9DF3DE042D310

Function 00007FF78ACB4EA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EncodePointer.KERNEL32 ref: 00007FF78ACB4F10
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB5189

Strings

RCC, xrefs: 00007FF78ACB4F2C
MOC, xrefs: 00007FF78ACB4F24

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: EncodePointerabort
String ID: MOC$RCC
API String ID: 1188231555-2084237596
Opcode ID: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
Instruction ID: 17a1f92265226dc4290d4a60896dd1677ab7a1420322c6af27750815a793eed7
Opcode Fuzzy Hash: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
Instruction Fuzzy Hash: 1A91C373A09B869AF710DF65E8802ADBBB0F744788F644129EE8E17B54DF39D192C700

Function 00007FF78ACB5414 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF78ACB543E
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB56A2

Strings

csm, xrefs: 00007FF78ACB5463
csm, xrefs: 00007FF78ACB55D2

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: __except_validate_context_recordabort
String ID: csm$csm
API String ID: 746414643-3733052814
Opcode ID: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
Instruction ID: f50ac7a7e856d8ba285809e319f7b2b2284d93112a43d671b26ad499a0cf223d
Opcode Fuzzy Hash: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
Instruction Fuzzy Hash: 7A71F73690A7859AEB21AF25D04077DBBA0FB44B89FA49171DE8E07B85CF3DD452CB10

Function 00007FF78ACB195F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%%%%%%%%, xrefs: 00007FF78ACB1D5C
Could not get the host name for dump name: %d, xrefs: 00007FF78ACB1DB2

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID:
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 0-4114407318
Opcode ID: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
Instruction ID: d4b91d13d3bc14ba4be56a1b9cb1a2bf15fd670dd864a25189cb40bdb1b8fc35
Opcode Fuzzy Hash: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
Instruction Fuzzy Hash: 26511722E19B8556F700DF29E0407AAA7A1FB917D0FA00175EA9D17BE9CF3EE042D710

Function 00007FF78ACB5860 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF78ACB590A
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF78ACB5936

Strings

csm, xrefs: 00007FF78ACB5A36

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
Instruction ID: 6a114eb5e682b9710fe90609bcf548c040508d97ad7a2f84402541253ec44db0
Opcode Fuzzy Hash: 08459d2de849ea082ca6f7467207d0873ef5a0572d3180cf677e49d91fe67cef
Instruction Fuzzy Hash: 5A51CF3761A74696E620FB15E14026EB7B4FB88B90F641174EB8E07B95CF3DE062CB10

Function 00007FF78ACB17E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 59networkCOMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF78ACB17EB
WSAStartup.WS2_32 ref: 00007FF78ACB186C

Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1475
Part of subcall function 00007FF78ACB1450: fprintf.MSPDB140-MSVCRT ref: 00007FF78ACB1485
Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB1494
Part of subcall function 00007FF78ACB1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14B3
Part of subcall function 00007FF78ACB1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14BE
Part of subcall function 00007FF78ACB1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF78ACB14C7

Strings

string too long, xrefs: 00007FF78ACB17E4
Pipe syntax in dump name not supported, xrefs: 00007FF78ACB1850
--name, xrefs: 00007FF78ACB180A

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: __acrt_iob_func$StartupXinvalid_argument__stdio_common_vfprintffflushfprintfstd::_
String ID: --name$Pipe syntax in dump name not supported$string too long
API String ID: 1412700758-3183687674
Opcode ID: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
Instruction ID: 7790f2a66d05b5c9f992cef78d10f22c0bf77bd478173b061008152aabf1ce75
Opcode Fuzzy Hash: 937e6b2c28cea08e1eee527b5bf6a7363096d6cc0634c1c423fcc3cad23f2144
Instruction Fuzzy Hash: 3C01D822A19A81B5F761AF12EC417FAA750BB49798FA00075EE0C07651CE3DD487C710

Function 00007FF78ACB1CE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54networkCOMMON

Download Yara Rule

APIs

gethostname.WS2_32 ref: 00007FF78ACB1CFA
WSAGetLastError.WS2_32 ref: 00007FF78ACB1DA9

Strings

%%%%%%%%, xrefs: 00007FF78ACB1D5C
Could not get the host name for dump name: %d, xrefs: 00007FF78ACB1DB2

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: ErrorLastgethostname
String ID: %%%%%%%%$Could not get the host name for dump name: %d
API String ID: 3782448640-4114407318
Opcode ID: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
Instruction ID: 453c54042663e5e816f296196c14a4ace68ce9b4c034f715deb30f9ab0836634
Opcode Fuzzy Hash: 320cb389b9e396755b8a5578c83a0b73153155c3fa84c5d330cc0819ada1fb95
Instruction Fuzzy Hash: 2711B221A0A74265F745BB21E8507BAA290BF867A0FA01175DA5F1B2D6DE3ED443C360

Function 00007FF78ACB4158 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF78ACB41B8

Strings

MOC, xrefs: 00007FF78ACB4170
csm, xrefs: 00007FF78ACB4178
RCC, xrefs: 00007FF78ACB4168

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: terminate
String ID: MOC$RCC$csm
API String ID: 1821763600-2671469338
Opcode ID: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
Instruction ID: 63f8ddc8a6275ed819612c9ee98616b79a041994d83fd27e4d2141a32ba84a46
Opcode Fuzzy Hash: 2eecf08628838b8288b91de4d166118c23004d29b6453832f1ed38693e8fa958
Instruction Fuzzy Hash: 2BF08C3A91D35AA1F3247B55E2450ADB364FF58B44FAC50B1D718062A2CF7DE4A2C622

Function 00007FF78ACB20C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(-3333333333333333,?,00000000,00007FF78ACB18EE), ref: 00007FF78ACB21E0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF78ACB221E

Strings

Invalid process id '%d' error %d, xrefs: 00007FF78ACB2447

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: Invalid process id '%d' error %d
API String ID: 73155330-4244389950
Opcode ID: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
Instruction ID: aa12aa97881f9277b2ce6a968dbcb74766a2cff40ba80b95084e9d02906f5dcc
Opcode Fuzzy Hash: bba2875ca5ab07f9a8534c7e54732a79a80581b419c8ee845a73c6edf0a3127c
Instruction Fuzzy Hash: 8031C122B0A781A5FB10AF15D5442A9A3A5FB05BD0FE80671DB5D077E5CF7EE452C320

Function 00007FF78ACB3F84 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF78ACB173F), ref: 00007FF78ACB3FC8
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF78ACB173F), ref: 00007FF78ACB400E

Strings

csm, xrefs: 00007FF78ACB3FFB

Memory Dump Source

Source File: 00000008.00000002.2220239215.00007FF78ACB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF78ACB0000, based on PE: true

Associated: 00000008.00000002.2220217393.00007FF78ACB0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220275547.00007FF78ACB8000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220302704.00007FF78ACBC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2220327152.00007FF78ACBD000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff78acb0000_createdump.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
Instruction ID: bfb5c14d03f6cb038d14b5a23616e0de2c63c0afe082113904b0effc4ba4aa0f
Opcode Fuzzy Hash: 7531413fd5ba05c8efc2732aab9693bebd0b5d96e62eb0afc70bc4d0601aafd3
Instruction Fuzzy Hash: C4115136619B4192FB119F15F440269B7A0FB88B84FA842B0EF8D07B58DF3ED556C700

Analysis Process: obs-ffmpeg-mux.exePID: 7064, Parent PID: 6500COMMON

Non-executed Functions

Function 00007FF8A7BFB840 Relevance: 372.3, APIs: 121, Strings: 91, Instructions: 1269libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF8A7BFB86D
free.MSVCRT ref: 00007FF8A7BFB876
calloc.MSVCRT ref: 00007FF8A7BFB885
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BFB8C8
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BFB90A
GetModuleHandleW.KERNEL32 ref: 00007FF8A7BFB913
GetProcAddress.KERNEL32 ref: 00007FF8A7BFB92A
LoadLibraryExW.KERNEL32 ref: 00007FF8A7BFB940
_aligned_free.MSVCRT ref: 00007FF8A7BFB94C
GetProcAddress.KERNEL32 ref: 00007FF8A7BFB98A
GetProcAddress.KERNEL32 ref: 00007FF8A7BFB9C1
GetProcAddress.KERNEL32 ref: 00007FF8A7BFB9F9
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBA31
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBA69
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBAA1
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBAD9
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBB11
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBB49
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBB81
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBBB9
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBBF1
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBC29
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBC61
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBC99
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBCD1
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBD0C
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBD47
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBD82
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBDBD
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBDF8
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBE33
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBE6E
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBEA9
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBEE4
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBF1F
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBF5A
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBF95
GetProcAddress.KERNEL32 ref: 00007FF8A7BFBFD0
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC00B
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC046
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC081
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC0BC
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC0F7
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC132
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC16D
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC1A8
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC1E3
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC21E
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC259
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC294
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC2CF
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC30A
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC345
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC380
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC3BB
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC3F6
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC431
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC46C
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC4A7
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC4E2
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC51D
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC558
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC593
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC5CE
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC609
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC644
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC67F
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC6BA
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC6F5
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC730
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC76B
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC7A6
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC7DE
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC819
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC854
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC88F
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC8CA
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC905
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC940
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC97B
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC9B6
GetProcAddress.KERNEL32 ref: 00007FF8A7BFC9F1
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCA2C
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCA67
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCAA2
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCADD
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCB18
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCB53
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCB8E
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCBC9
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCC04
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCC3F
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCC7A
_errno.MSVCRT ref: 00007FF8A7BFCCBA
GetModuleHandleW.KERNEL32 ref: 00007FF8A7BFCCD7
GetProcAddress.KERNEL32 ref: 00007FF8A7BFCCEE
LoadLibraryExA.KERNEL32 ref: 00007FF8A7BFCD08
FreeLibrary.KERNEL32 ref: 00007FF8A7BFCD4B
free.MSVCRT ref: 00007FF8A7BFCD54
_aligned_free.MSVCRT ref: 00007FF8A7BFD0AA
_aligned_free.MSVCRT ref: 00007FF8A7BFD0B1

Strings

cuDeviceGetAttribute, xrefs: 00007FF8A7BFBA2A, 00007FF8A7BFBA33
cuDevicePrimaryCtxGetState, xrefs: 00007FF8A7BFC0B5, 00007FF8A7BFC0BE
cuModuleGetFunction, xrefs: 00007FF8A7BFC516, 00007FF8A7BFC51F
cuEGLStreamProducerPresentFrame, xrefs: 00007FF8A7BFCB87, 00007FF8A7BFCB90
cuMemFree_v2, xrefs: 00007FF8A7BFBCCA, 00007FF8A7BFBCD3
cuCtxPopCurrent_v2, xrefs: 00007FF8A7BFBB7A, 00007FF8A7BFBB83
cuLinkComplete, xrefs: 00007FF8A7BFC42A, 00007FF8A7BFC433
cuMemcpyHtoD_v2, xrefs: 00007FF8A7BFBDF1, 00007FF8A7BFBDFA
cuCtxCreate_v2, xrefs: 00007FF8A7BFBAD2, 00007FF8A7BFBADB
cuMemcpyDtoD_v2, xrefs: 00007FF8A7BFBEDD, 00007FF8A7BFBEE6
cuStreamDestroy_v2, xrefs: 00007FF8A7BFC1DC, 00007FF8A7BFC1E5
cuImportExternalSemaphore, xrefs: 00007FF8A7BFC939, 00007FF8A7BFC942
cuCtxPushCurrent_v2, xrefs: 00007FF8A7BFBB42, 00007FF8A7BFBB4B
cuDeviceGetUuid, xrefs: 00007FF8A7BFC79F, 00007FF8A7BFC7A8
cuEventCreate, xrefs: 00007FF8A7BFC252, 00007FF8A7BFC25B
cuDevicePrimaryCtxRelease, xrefs: 00007FF8A7BFC03F, 00007FF8A7BFC048
cuMemAlloc_v2, xrefs: 00007FF8A7BFBBEA, 00007FF8A7BFBBF3
cuGraphicsUnregisterResource, xrefs: 00007FF8A7BFC678, 00007FF8A7BFC681
SetDefaultDllDirectories, xrefs: 00007FF8A7BFB920, 00007FF8A7BFCCE4
cuGraphicsSubResourceGetMappedArray, xrefs: 00007FF8A7BFC729, 00007FF8A7BFC732
cuStreamAddCallback, xrefs: 00007FF8A7BFC217, 00007FF8A7BFC220
cuGLGetDevices_v2, xrefs: 00007FF8A7BFC602, 00007FF8A7BFC60B
cuEventQuery, xrefs: 00007FF8A7BFC303, 00007FF8A7BFC30C
Loaded lib: %s, xrefs: 00007FF8A7BFB968
cuEGLStreamProducerDisconnect, xrefs: 00007FF8A7BFCB11, 00007FF8A7BFCB1A
cuStreamQuery, xrefs: 00007FF8A7BFC166, 00007FF8A7BFC16F
cuEGLStreamProducerReturnFrame, xrefs: 00007FF8A7BFCBC2, 00007FF8A7BFCBCB
cuEventDestroy_v2, xrefs: 00007FF8A7BFC28D, 00007FF8A7BFC296
cuLaunchKernel, xrefs: 00007FF8A7BFC379, 00007FF8A7BFC382
nvcuda.dll, xrefs: 00007FF8A7BFB8C1, 00007FF8A7BFB8F9, 00007FF8A7BFB961, 00007FF8A7BFCD01, 00007FF8A7BFD0C1
cuMemsetD8Async, xrefs: 00007FF8A7BFBC92, 00007FF8A7BFBC9B
cuMemcpy, xrefs: 00007FF8A7BFBD05, 00007FF8A7BFBD0E
cuGetErrorString, xrefs: 00007FF8A7BFBF8E, 00007FF8A7BFBF97
cuModuleUnload, xrefs: 00007FF8A7BFC4DB, 00007FF8A7BFC4E4
cuMemcpyHtoDAsync_v2, xrefs: 00007FF8A7BFBE2C, 00007FF8A7BFBE35
cuGraphicsMapResources, xrefs: 00007FF8A7BFC6B3, 00007FF8A7BFC6BC
cuGraphicsGLRegisterImage, xrefs: 00007FF8A7BFC63D, 00007FF8A7BFC646
cuImportExternalMemory, xrefs: 00007FF8A7BFC7D7, 00007FF8A7BFC7E0
cuGetErrorName, xrefs: 00007FF8A7BFBF53, 00007FF8A7BFBF5C
cuEventRecord, xrefs: 00007FF8A7BFC33E, 00007FF8A7BFC347
cuMemAllocPitch_v2, xrefs: 00007FF8A7BFBC22, 00007FF8A7BFBC2B
cuExternalMemoryGetMappedBuffer, xrefs: 00007FF8A7BFC84D, 00007FF8A7BFC856
cuTexObjectCreate, xrefs: 00007FF8A7BFC58C, 00007FF8A7BFC595
cuMipmappedArrayDestroy, xrefs: 00007FF8A7BFC8FE, 00007FF8A7BFC907
cuEGLStreamConsumerDisconnect, xrefs: 00007FF8A7BFCB4C, 00007FF8A7BFCB55
cuMemcpyDtoH_v2, xrefs: 00007FF8A7BFBE67, 00007FF8A7BFBE70
cuExternalMemoryGetMappedMipmappedArray, xrefs: 00007FF8A7BFC888, 00007FF8A7BFC891
cuInit, xrefs: 00007FF8A7BFB983, 00007FF8A7BFB98C
Cannot load %s, xrefs: 00007FF8A7BFCD20, 00007FF8A7BFD0C8
Loaded sym: %s, xrefs: 00007FF8A7BFB99F, 00007FF8A7BFB9D7, 00007FF8A7BFBA0F, 00007FF8A7BFBA47, 00007FF8A7BFBA7F, 00007FF8A7BFBAB7, 00007FF8A7BFBAEF, 00007FF8A7BFBB27, 00007FF8A7BFBB5F, 00007FF8A7BFBB97, 00007FF8A7BFBBCF, 00007FF8A7BFBC07, 00007FF8A7BFBC3F, 00007FF8A7BFBC77, 00007FF8A7BFBCAF, 00007FF8A7BFBCEA, 00007FF8A7BFBD25, 00007FF8A7BFBD60, 00007FF8A7BFBD9B, 00007FF8A7BFBDD6, 00007FF8A7BFBE11, 00007FF8A7BFBE4C, 00007FF8A7BFBE87, 00007FF8A7BFBEC2, 00007FF8A7BFBEFD, 00007FF8A7BFBF38, 00007FF8A7BFBF73, 00007FF8A7BFBFAE, 00007FF8A7BFBFE9, 00007FF8A7BFC024, 00007FF8A7BFC05F, 00007FF8A7BFC09A, 00007FF8A7BFC0D5, 00007FF8A7BFC110, 00007FF8A7BFC14B, 00007FF8A7BFC186, 00007FF8A7BFC1C1, 00007FF8A7BFC1FC, 00007FF8A7BFC237, 00007FF8A7BFC272, 00007FF8A7BFC2AD, 00007FF8A7BFC2E8, 00007FF8A7BFC323, 00007FF8A7BFC35E, 00007FF8A7BFC399, 00007FF8A7BFC3D4, 00007FF8A7BFC40F, 00007FF8A7BFC44A, 00007FF8A7BFC485, 00007FF8A7BFC4C0, 00007FF8A7BFC4FB, 00007FF8A7BFC536, 00007FF8A7BFC571, 00007FF8A7BFC5AC, 00007FF8A7BFC5E7, 00007FF8A7BFC622, 00007FF8A7BFC65D, 00007FF8A7BFC698, 00007FF8A7BFC6D3, 00007FF8A7BFC70E, 00007FF8A7BFC749, 00007FF8A7BFC784, 00007FF8A7BFC7BC, 00007FF8A7BFC7F7, 00007FF8A7BFC832, 00007FF8A7BFC86D, 00007FF8A7BFC8A8, 00007FF8A7BFC8E3, 00007FF8A7BFC91E, 00007FF8A7BFC959, 00007FF8A7BFC994, 00007FF8A7BFC9CF, 00007FF8A7BFCA0A, 00007FF8A7BFCA45, 00007FF8A7BFCA80, 00007FF8A7BFCABB, 00007FF8A7BFCAF6, 00007FF8A7BFCB31, 00007FF8A7BFCB6C, 00007FF8A7BFCBA7, 00007FF8A7BFCBE2, 00007FF8A7BFCC1D, 00007FF8A7BFCC58, 00007FF8A7BFCC93
cuEventSynchronize, xrefs: 00007FF8A7BFC2C8, 00007FF8A7BFC2D1
cuDeviceGetCount, xrefs: 00007FF8A7BFB9BA, 00007FF8A7BFB9C3
cuMemcpyAsync, xrefs: 00007FF8A7BFBD40, 00007FF8A7BFBD49
cuMemcpyDtoDAsync_v2, xrefs: 00007FF8A7BFBF18, 00007FF8A7BFBF21
cuStreamCreate, xrefs: 00007FF8A7BFC12B, 00007FF8A7BFC134
cuDevicePrimaryCtxSetFlags, xrefs: 00007FF8A7BFC07A, 00007FF8A7BFC083
cuGraphicsD3D11RegisterResource, xrefs: 00007FF8A7BFCC73, 00007FF8A7BFCC7C
cuMemcpyDtoHAsync_v2, xrefs: 00007FF8A7BFBEA2, 00007FF8A7BFBEAB
cuDeviceGet, xrefs: 00007FF8A7BFB9F2, 00007FF8A7BFB9FB
cuDestroyExternalSemaphore, xrefs: 00007FF8A7BFC974, 00007FF8A7BFC97D
cuTexObjectDestroy, xrefs: 00007FF8A7BFC5C7, 00007FF8A7BFC5D0
cuGraphicsResourceGetMappedPointer_v2, xrefs: 00007FF8A7BFC764, 00007FF8A7BFC76D
cuDevicePrimaryCtxReset, xrefs: 00007FF8A7BFC0F0, 00007FF8A7BFC0F9
kernel32.dll, xrefs: 00007FF8A7BFB90C, 00007FF8A7BFCCD0
cuD3D11GetDevices, xrefs: 00007FF8A7BFCC38, 00007FF8A7BFCC41
cuMemAllocManaged, xrefs: 00007FF8A7BFBC5A, 00007FF8A7BFBC63
cuCtxGetDevice, xrefs: 00007FF8A7BFBFC9, 00007FF8A7BFBFD2
cuModuleGetGlobal, xrefs: 00007FF8A7BFC551, 00007FF8A7BFC55A
cuMipmappedArrayGetLevel, xrefs: 00007FF8A7BFC8C3, 00007FF8A7BFC8CC
cuD3D11GetDevice, xrefs: 00007FF8A7BFCBFD, 00007FF8A7BFCC06
cuEGLStreamProducerConnect, xrefs: 00007FF8A7BFCAD6, 00007FF8A7BFCADF
cuCtxSetLimit, xrefs: 00007FF8A7BFBB0A, 00007FF8A7BFBB13
cuArray3DCreate_v2, xrefs: 00007FF8A7BFCA60, 00007FF8A7BFCA69
cuLinkCreate, xrefs: 00007FF8A7BFC3B4, 00007FF8A7BFC3BD
cuSignalExternalSemaphoresAsync, xrefs: 00007FF8A7BFC9AF, 00007FF8A7BFC9B8
cuMemcpy2DAsync_v2, xrefs: 00007FF8A7BFBDB6, 00007FF8A7BFBDBF
cuDevicePrimaryCtxRetain, xrefs: 00007FF8A7BFC004, 00007FF8A7BFC00D
Cannot load optional %s, xrefs: 00007FF8A7BFCD70, 00007FF8A7BFCD90, 00007FF8A7BFCDB0, 00007FF8A7BFCDD0, 00007FF8A7BFCDF0, 00007FF8A7BFCE10, 00007FF8A7BFCE30, 00007FF8A7BFCE50, 00007FF8A7BFCE70, 00007FF8A7BFCE90, 00007FF8A7BFCEB0, 00007FF8A7BFCED0, 00007FF8A7BFCEF0, 00007FF8A7BFCF10, 00007FF8A7BFCF30, 00007FF8A7BFCF50
cuArrayCreate_v2, xrefs: 00007FF8A7BFCA25, 00007FF8A7BFCA2E
cuLinkDestroy, xrefs: 00007FF8A7BFC465, 00007FF8A7BFC46E
cuDeviceGetName, xrefs: 00007FF8A7BFBA62, 00007FF8A7BFBA6B
cuArrayDestroy, xrefs: 00007FF8A7BFCA9B, 00007FF8A7BFCAA4
cuDeviceComputeCapability, xrefs: 00007FF8A7BFBA9A, 00007FF8A7BFBAA3
cuGraphicsUnmapResources, xrefs: 00007FF8A7BFC6EE, 00007FF8A7BFC6F7
cuModuleLoadData, xrefs: 00007FF8A7BFC4A0, 00007FF8A7BFC4A9
cuMemcpy2D_v2, xrefs: 00007FF8A7BFBD7B, 00007FF8A7BFBD84
cuWaitExternalSemaphoresAsync, xrefs: 00007FF8A7BFC9EA, 00007FF8A7BFC9F3
cuDestroyExternalMemory, xrefs: 00007FF8A7BFC812, 00007FF8A7BFC81B
cuCtxDestroy_v2, xrefs: 00007FF8A7BFBBB2, 00007FF8A7BFBBBB
cuStreamSynchronize, xrefs: 00007FF8A7BFC1A1, 00007FF8A7BFC1AA
cuLinkAddData, xrefs: 00007FF8A7BFC3EF, 00007FF8A7BFC3F8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: AddressProc$Library$_aligned_free$ByteCharFreeHandleLoadModuleMultiWidefree$_errnocalloc
String ID: Cannot load %s$Cannot load optional %s$Loaded lib: %s$Loaded sym: %s$SetDefaultDllDirectories$cuArray3DCreate_v2$cuArrayCreate_v2$cuArrayDestroy$cuCtxCreate_v2$cuCtxDestroy_v2$cuCtxGetDevice$cuCtxPopCurrent_v2$cuCtxPushCurrent_v2$cuCtxSetLimit$cuD3D11GetDevice$cuD3D11GetDevices$cuDestroyExternalMemory$cuDestroyExternalSemaphore$cuDeviceComputeCapability$cuDeviceGet$cuDeviceGetAttribute$cuDeviceGetCount$cuDeviceGetName$cuDeviceGetUuid$cuDevicePrimaryCtxGetState$cuDevicePrimaryCtxRelease$cuDevicePrimaryCtxReset$cuDevicePrimaryCtxRetain$cuDevicePrimaryCtxSetFlags$cuEGLStreamConsumerDisconnect$cuEGLStreamProducerConnect$cuEGLStreamProducerDisconnect$cuEGLStreamProducerPresentFrame$cuEGLStreamProducerReturnFrame$cuEventCreate$cuEventDestroy_v2$cuEventQuery$cuEventRecord$cuEventSynchronize$cuExternalMemoryGetMappedBuffer$cuExternalMemoryGetMappedMipmappedArray$cuGLGetDevices_v2$cuGetErrorName$cuGetErrorString$cuGraphicsD3D11RegisterResource$cuGraphicsGLRegisterImage$cuGraphicsMapResources$cuGraphicsResourceGetMappedPointer_v2$cuGraphicsSubResourceGetMappedArray$cuGraphicsUnmapResources$cuGraphicsUnregisterResource$cuImportExternalMemory$cuImportExternalSemaphore$cuInit$cuLaunchKernel$cuLinkAddData$cuLinkComplete$cuLinkCreate$cuLinkDestroy$cuMemAllocManaged$cuMemAllocPitch_v2$cuMemAlloc_v2$cuMemFree_v2$cuMemcpy$cuMemcpy2DAsync_v2$cuMemcpy2D_v2$cuMemcpyAsync$cuMemcpyDtoDAsync_v2$cuMemcpyDtoD_v2$cuMemcpyDtoHAsync_v2$cuMemcpyDtoH_v2$cuMemcpyHtoDAsync_v2$cuMemcpyHtoD_v2$cuMemsetD8Async$cuMipmappedArrayDestroy$cuMipmappedArrayGetLevel$cuModuleGetFunction$cuModuleGetGlobal$cuModuleLoadData$cuModuleUnload$cuSignalExternalSemaphoresAsync$cuStreamAddCallback$cuStreamCreate$cuStreamDestroy_v2$cuStreamQuery$cuStreamSynchronize$cuTexObjectCreate$cuTexObjectDestroy$cuWaitExternalSemaphoresAsync$kernel32.dll$nvcuda.dll
API String ID: 3405737670-3447704524
Opcode ID: 4af3281c0e25db81b3078cec52e73783fda2d96fdf649ea0d565a5970141e5c3
Instruction ID: 705070ffb83d682c1ca36567d669b4d5a89e4e0f1f36787ef5fc9294f2a61ada
Opcode Fuzzy Hash: 4af3281c0e25db81b3078cec52e73783fda2d96fdf649ea0d565a5970141e5c3
Instruction Fuzzy Hash: F1D20965A0BB47A1EB01EF20E8656FD27A6EF84BC5F844432C84D0B795DE7CE506E390

Function 00007FF8A7BFFDF0 Relevance: 140.7, APIs: 62, Strings: 18, Instructions: 667libraryloaderCOMMON

Download Yara Rule

APIs

atoi.MSVCRT ref: 00007FF8A7BFFE1E
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BFFE84
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BFFEC6
GetProcAddress.KERNEL32 ref: 00007FF8A7BFFEEE
LoadLibraryExW.KERNEL32 ref: 00007FF8A7BFFF04
_aligned_free.MSVCRT ref: 00007FF8A7BFFF12
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BFFF50
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BFFF9A
GetProcAddress.KERNEL32 ref: 00007FF8A7BFFFB4
LoadLibraryExW.KERNEL32 ref: 00007FF8A7BFFFCA
_aligned_free.MSVCRT ref: 00007FF8A7BFFFD6
GetProcAddress.KERNEL32 ref: 00007FF8A7BFFFF2
GetProcAddress.KERNEL32 ref: 00007FF8A7C000D6
GetDesktopWindow.USER32 ref: 00007FF8A7C0014A
_errno.MSVCRT ref: 00007FF8A7C00220
GetProcAddress.KERNEL32 ref: 00007FF8A7C00256
LoadLibraryExA.KERNEL32 ref: 00007FF8A7C00270
_errno.MSVCRT ref: 00007FF8A7C0027B
GetProcAddress.KERNEL32 ref: 00007FF8A7C002A8
_aligned_free.MSVCRT ref: 00007FF8A7C002B5
_aligned_free.MSVCRT ref: 00007FF8A7C002BC
GetProcAddress.KERNEL32 ref: 00007FF8A7C00398
GetDesktopWindow.USER32 ref: 00007FF8A7C003EB

Strings

Failed to load D3D9 library, xrefs: 00007FF8A7C005C5
dxva2.dll, xrefs: 00007FF8A7BFFF36, 00007FF8A7BFFF89, 00007FF8A7C00598
Failed to create Direct3D device manager, xrefs: 00007FF8A7C0098A
Failed to open device handle, xrefs: 00007FF8A7C009A8
Direct3DCreate9Ex, xrefs: 00007FF8A7C00011
&, xrefs: 00007FF8A7C00408
kernel32.dll, xrefs: 00007FF8A7BFFECF, 00007FF8A7BFFF9C, 00007FF8A7C00237, 00007FF8A7C00290
Using D3D9Ex device., xrefs: 00007FF8A7C0019A
Failed to locate Direct3DCreate9, xrefs: 00007FF8A7C00A50
Direct3DCreate9, xrefs: 00007FF8A7C0030F
d3d9.dll, xrefs: 00007FF8A7BFFE5A, 00007FF8A7BFFEB5, 00007FF8A7C00269
Failed to create Direct3D device, xrefs: 00007FF8A7C00425
Failed to bind Direct3D device to device manager, xrefs: 00007FF8A7C0096C
Failed to locate DXVA2CreateDirect3DDeviceManager9, xrefs: 00007FF8A7C0094E
Failed to load DXVA2 library, xrefs: 00007FF8A7C002C9
Failed to create IDirect3D object, xrefs: 00007FF8A7C00A18
DXVA2CreateDirect3DDeviceManager9, xrefs: 00007FF8A7BFFFE8
SetDefaultDllDirectories, xrefs: 00007FF8A7BFFEE4, 00007FF8A7BFFFAA, 00007FF8A7C0024C, 00007FF8A7C0029E

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: AddressProc$ByteCharMultiWide_aligned_free$LibraryLoad$DesktopWindow_errno$atoi
String ID: &$DXVA2CreateDirect3DDeviceManager9$Direct3DCreate9$Direct3DCreate9Ex$Failed to bind Direct3D device to device manager$Failed to create Direct3D device$Failed to create Direct3D device manager$Failed to create IDirect3D object$Failed to load D3D9 library$Failed to load DXVA2 library$Failed to locate DXVA2CreateDirect3DDeviceManager9$Failed to locate Direct3DCreate9$Failed to open device handle$SetDefaultDllDirectories$Using D3D9Ex device.$d3d9.dll$dxva2.dll$kernel32.dll
API String ID: 1760633067-2418308259
Opcode ID: 1b8f3b45278436593ea4620b683ff6dcafb812b761b95205c1ba724c4eb98057
Instruction ID: 8961cd534909e156850a84de95b8bdff34c0f60939852074d1b96b613cdf8d51
Opcode Fuzzy Hash: 1b8f3b45278436593ea4620b683ff6dcafb812b761b95205c1ba724c4eb98057
Instruction Fuzzy Hash: BC528D31A0AB82A1EB649F65E4047BE67A1FF84BC0F014536D98E47B95DF7CE046E780

Function 00007FF8BFB63AA7 Relevance: 130.3, APIs: 64, Strings: 10, Instructions: 798COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB63940: av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63999
Part of subcall function 00007FF8BFB63940: av_log.AVUTIL-58 ref: 00007FF8BFB639B0

av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB63BBE
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63BCF
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB63BDC
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB63C2E
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63C3F
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB63C4C
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB63CA3
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB63CD3
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB63CE4
av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63CF5
av_log.AVUTIL-58 ref: 00007FF8BFB63D0C
av_channel_layout_check.AVUTIL-58 ref: 00007FF8BFB63D14
av_log.AVUTIL-58 ref: 00007FF8BFB63D32
av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63D5A
av_log.AVUTIL-58 ref: 00007FF8BFB63D71
av_channel_layout_check.AVUTIL-58 ref: 00007FF8BFB63D7E
av_log.AVUTIL-58 ref: 00007FF8BFB63D9C
av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63DCB
av_log.AVUTIL-58 ref: 00007FF8BFB63DE2
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB64A05
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB64A0F

Strings

Output channel layout is invalid, xrefs: 00007FF8BFB63D87
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB63F52
Output channel layout '%s' is not supported, xrefs: 00007FF8BFB63DDB
%s:%f , xrefs: 00007FF8BFB649C3
%s: , xrefs: 00007FF8BFB6497A
Input channel layout '%s' is not supported, xrefs: 00007FF8BFB63D6A
Full-on remixing from 22.2 has not yet been implemented! Processing the input as '%s', xrefs: 00007FF8BFB63D05
src/libswresample/rematrix.c, xrefs: 00007FF8BFB63F3B
Input channel layout is invalid, xrefs: 00007FF8BFB63D1D
Matrix coefficients:, xrefs: 00007FF8BFB64924

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_log$av_channel_layout_compareav_channel_layout_describeav_channel_layout_uninit$av_channel_layout_checkav_channel_layout_subset$av_channel_layout_from_mask
String ID: %s: $%s:%f $Assertion %s failed at %s:%d$Full-on remixing from 22.2 has not yet been implemented! Processing the input as '%s'$Input channel layout '%s' is not supported$Input channel layout is invalid$Matrix coefficients:$Output channel layout '%s' is not supported$Output channel layout is invalid$src/libswresample/rematrix.c
API String ID: 2619559304-3174812640
Opcode ID: 5aa9f050ff1bdde174cdacfa5c37e80b8c215c118cb67db339f9d22cf6abd8d3
Instruction ID: dc5867ef09da7cd443d3ffe0a3f7c5cb0d980423bc9d066d8da5a450e350ef9c
Opcode Fuzzy Hash: 5aa9f050ff1bdde174cdacfa5c37e80b8c215c118cb67db339f9d22cf6abd8d3
Instruction Fuzzy Hash: 26827D22D1CF8695F666CEA9A4103BBF365EF963C4F509332DB4E66945DF3DE0818A00

Function 00007FF8BFB87508 Relevance: 90.2, APIs: 36, Strings: 15, Instructions: 913COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB875A4
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8768B
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB876D6
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB876F7
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB87767
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB87779

Strings

`template static data member constructor helper', xrefs: 00007FF8BFB87FD4
virtual , xrefs: 00007FF8BFB88199
extern "C" , xrefs: 00007FF8BFB88336
static , xrefs: 00007FF8BFB88122
`vtordispex{, xrefs: 00007FF8BFB87B08
}' , xrefs: 00007FF8BFB87726, 00007FF8BFB87C67
`vtordisp{, xrefs: 00007FF8BFB87BDD
public: , xrefs: 00007FF8BFB8826F
`local static destructor helper', xrefs: 00007FF8BFB87F96
protected: , xrefs: 00007FF8BFB88248
`template static data member destructor helper', xrefs: 00007FF8BFB88017
private: , xrefs: 00007FF8BFB88216
`adjustor{, xrefs: 00007FF8BFB87C3C
/, xrefs: 00007FF8BFB8801E
[thunk]:, xrefs: 00007FF8BFB882E1

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
API String ID: 2943138195-2884338863
Opcode ID: dfe3c345cf42f50a30eb54d6b673e306e5f826d7c41941afd65b24be17fee6d5
Instruction ID: a3b6ce949c3797d67e2760f05b50147cdb32243b6c39215a80d81e251aad42f3
Opcode Fuzzy Hash: dfe3c345cf42f50a30eb54d6b673e306e5f826d7c41941afd65b24be17fee6d5
Instruction Fuzzy Hash: B4924372A1C78296EB50DB98E4802AEB7A0FBC4384F505135FB8E47A9ADF7CD544CB40

Function 00007FF8BFB64B4A Relevance: 83.2, APIs: 43, Strings: 4, Instructions: 981COMMON

Download Yara Rule

APIs

av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FF8BFB64BAC
av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FF8BFB64BC5
av_calloc.AVUTIL-58 ref: 00007FF8BFB64C81
av_mallocz.AVUTIL-58 ref: 00007FF8BFB64C93
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64DAC
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64DF3
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64E3C
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64ED5
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB64F19
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65047
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB6508E
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB650D7
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65170
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB651B4
av_calloc.AVUTIL-58 ref: 00007FF8BFB652AA
av_mallocz.AVUTIL-58 ref: 00007FF8BFB652BC
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65380
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB653C7
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65410
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB654A9
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB654ED
av_calloc.AVUTIL-58 ref: 00007FF8BFB655E3
av_mallocz.AVUTIL-58 ref: 00007FF8BFB655F5
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB656BD
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65704
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB6574D
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB657E6
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB6582A
av_mallocz.AVUTIL-58 ref: 00007FF8BFB65918
av_calloc.AVUTIL-58 ref: 00007FF8BFB65937
av_freep.AVUTIL-58 ref: 00007FF8BFB65963
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65A2C
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65A73
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65ABC
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65B55
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB65B99
av_log.AVUTIL-58 ref: 00007FF8BFB65C71
abort.MSVCRT ref: 00007FF8BFB65C76
av_get_cpu_flags.AVUTIL-58 ref: 00007FF8BFB672E3
av_calloc.AVUTIL-58 ref: 00007FF8BFB67341
av_mallocz.AVUTIL-58 ref: 00007FF8BFB67352

Strings

?, xrefs: 00007FF8BFB65AAA
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB65C62
@, xrefs: 00007FF8BFB64C24
src/libswresample/rematrix.c, xrefs: 00007FF8BFB65C4B

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_compare$av_callocav_mallocz$av_get_packed_sample_fmt$abortav_freepav_get_cpu_flagsav_log
String ID: ?$@$Assertion %s failed at %s:%d$src/libswresample/rematrix.c
API String ID: 589828794-1409810779
Opcode ID: 5188afd4967a419cf0fd434335850466d59e66cd640ed80c7eb5b51fe742ae3d
Instruction ID: 23e286bab471394794b717b5f2a20ba024f57c17da20395f03f1014374bbd326
Opcode Fuzzy Hash: 5188afd4967a419cf0fd434335850466d59e66cd640ed80c7eb5b51fe742ae3d
Instruction Fuzzy Hash: 22A2F77390CA8AA5F7628BA99059FBAB3A8FF053C0F505135CB8D57684DF3DA099C704

Function 00007FF6129E2EE0 Relevance: 54.6, APIs: 29, Strings: 2, Instructions: 313COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF6129E2F39
SetErrorMode.KERNEL32 ref: 00007FF6129E2F5D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E2F6B
WideCharToMultiByte.KERNEL32 ref: 00007FF6129E2FD8
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E2FE7
WideCharToMultiByte.KERNEL32 ref: 00007FF6129E3016
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E3044
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E304D
_setmode.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E305A
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E3065
setvbuf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E3077
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E3098
fprintf.MSPDB140-MSVCRT ref: 00007FF6129E30A8
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E30F8
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E311C
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E3167
fprintf.MSPDB140-MSVCRT ref: 00007FF6129E3177
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E319A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E31A3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E31C5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E31D6
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E3215
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E3239
av_rescale_q_rnd.AVUTIL-58 ref: 00007FF6129E330C
av_rescale_q_rnd.AVUTIL-58 ref: 00007FF6129E3344
av_interleaved_write_frame.AVFORMAT-60 ref: 00007FF6129E336D
av_strerror.AVUTIL-58 ref: 00007FF6129E33BA
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E33C4
fprintf.MSPDB140-MSVCRT ref: 00007FF6129E33DE

Part of subcall function 00007FF6129E2320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF6129E29D8,?,?,?,00007FF6129E12F1), ref: 00007FF6129E2357

Strings

Couldn't initialize muxer, xrefs: 00007FF6129E30A1, 00007FF6129E3170
av_interleaved_write_frame failed: %d: %s, xrefs: 00007FF6129E33D7

Memory Dump Source

Source File: 0000000B.00000002.2221719961.00007FF6129E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6129E0000, based on PE: true

Associated: 0000000B.00000002.2221699491.00007FF6129E0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221759176.00007FF6129E6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221776644.00007FF6129E9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6129e0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __acrt_iob_func$freemalloc$fprintf$ByteCharMultiWideav_rescale_q_rndrealloc$ErrorMode__stdio_common_vfprintf_fileno_setmodeav_interleaved_write_frameav_strerrormemsetsetvbuf
String ID: Couldn't initialize muxer$av_interleaved_write_frame failed: %d: %s
API String ID: 4192084208-164389310
Opcode ID: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
Instruction ID: 529990e58752d9466228f9a772c0ac5f2427b7961600a0dae3d2dc742d4bc1d5
Opcode Fuzzy Hash: 90e4d641eae2122b72088982d14054dbbcc6ef952270b6c02c8a2abd6878b3b9
Instruction Fuzzy Hash: FEE18132A08E8186E720DF6BE8503BD6761FB88FA8F404939DE0D97756EFB8D5458700

Function 00007FF8A7BEC2F0 Relevance: 51.3, APIs: 25, Strings: 4, Instructions: 582stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7BEC347
strtol.MSVCRT ref: 00007FF8A7BEC3ED
strchr.MSVCRT ref: 00007FF8A7BEC462
strcmp.MSVCRT ref: 00007FF8A7BEC564
_aligned_free.MSVCRT ref: 00007FF8A7BEC594
_aligned_free.MSVCRT ref: 00007FF8A7BEC59E
_aligned_free.MSVCRT ref: 00007FF8A7BEC5D5

Strings

ambisonic , xrefs: 00007FF8A7BEC3A0
channels, xrefs: 00007FF8A7BECB80
mono, xrefs: 00007FF8A7BEC317
%d channels (%[^)], xrefs: 00007FF8A7BEC44B

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strcmp$strchrstrtol
String ID: channels$%d channels (%[^)]$ambisonic $mono
API String ID: 6235670-221731140
Opcode ID: 9a9eb1e0a00dde1935faf8ff688298a0d262cbf1e4cfcb0e70de2c1dca8238e4
Instruction ID: dd7f250768444454186d89ac61579f48fbfe10d6e3e5ae0eb274f322c802c856
Opcode Fuzzy Hash: 9a9eb1e0a00dde1935faf8ff688298a0d262cbf1e4cfcb0e70de2c1dca8238e4
Instruction Fuzzy Hash: A84281B3A0E682A5EB648F15E45037E67A1FB84BC0F549035DA8D47B95EF3CE442EB40

Function 00007FF8BFB58DB0 Relevance: 42.1, APIs: 12, Strings: 12, Instructions: 108COMMON

Download Yara Rule

APIs

av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB58DFE
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58E1B
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58E38
av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB58E5A
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58E7C
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58E9E
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58EBB
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58ED0
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58EE5
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58EFA
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58F0F
av_log.AVUTIL-58 ref: 00007FF8BFB58F53

Strings

osf, xrefs: 00007FF8BFB58E11
och, xrefs: 00007FF8BFB58F08
Failed to set option, xrefs: 00007FF8BFB58F40
ochl, xrefs: 00007FF8BFB58DE7
ich, xrefs: 00007FF8BFB58EF3
uch, xrefs: 00007FF8BFB58EB1
isr, xrefs: 00007FF8BFB58E94
ichl, xrefs: 00007FF8BFB58E50
osr, xrefs: 00007FF8BFB58E2E
icl, xrefs: 00007FF8BFB58EC9
isf, xrefs: 00007FF8BFB58E72
ocl, xrefs: 00007FF8BFB58EDE

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_opt_set_chlayout$av_log
String ID: Failed to set option$ich$ichl$icl$isf$isr$och$ochl$ocl$osf$osr$uch
API String ID: 4144258317-3247528414
Opcode ID: 10ab7c08c9e10468c087a0fc18b47031af3b6046317781463100eb67561eeeb0
Instruction ID: d73a74d02a417476c71cdee5adff2657d8965f814a9c05578b1518452dfbfec0
Opcode Fuzzy Hash: 10ab7c08c9e10468c087a0fc18b47031af3b6046317781463100eb67561eeeb0
Instruction Fuzzy Hash: 92417CA5B0825361FB60A7E9A962BB7B751EF983C8F805432EF4C47A55EE3CE0048700

Function 00007FF8A7C12D90 Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 203COMMON

Download Yara Rule

APIs

_read.MSVCRT ref: 00007FF8A7C12E0D
_close.MSVCRT ref: 00007FF8A7C12E17
_read.MSVCRT ref: 00007FF8A7C12E48
_close.MSVCRT ref: 00007FF8A7C12E52
clock.MSVCRT ref: 00007FF8A7C12EF9

Strings

Microsoft Primitive Provider, xrefs: 00007FF8A7C12DA0
/dev/random, xrefs: 00007FF8A7C12E27
N, xrefs: 00007FF8A7C13087
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C13080
/dev/urandom, xrefs: 00007FF8A7C12DEC
sizeof(tmp) >= av_sha_size, xrefs: 00007FF8A7C13070
src/libavutil/random_seed.c, xrefs: 00007FF8A7C13069
RNG, xrefs: 00007FF8A7C12DA7

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _close_read$clock
String ID: /dev/random$/dev/urandom$Assertion %s failed at %s:%d$Microsoft Primitive Provider$N$RNG$sizeof(tmp) >= av_sha_size$src/libavutil/random_seed.c
API String ID: 3077350862-4220122895
Opcode ID: 42a263d787bb1900c231adad2bae4144787def7db549a8d8b5a27e8b710399cc
Instruction ID: 5b264a2885ead62009a104311b3ed1d1a18f94d4a3427b79cba916c723a0ecf5
Opcode Fuzzy Hash: 42a263d787bb1900c231adad2bae4144787def7db549a8d8b5a27e8b710399cc
Instruction Fuzzy Hash: B3714472B1A642B6FB289F24E5412BD3791EF883C0F50413AEA0E87A95FE7CE544D740

Function 00007FF8A7C0F2C0 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 461COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7C0F94F
_errno.MSVCRT ref: 00007FF8A7C0F977

Strings

%H%M%S, xrefs: 00007FF8A7C0F6A9
%Y%m%d, xrefs: 00007FF8A7C0F64D
%M:%S, xrefs: 00007FF8A7C0F923
+, xrefs: 00007FF8A7C0F5A4
%H:%M:%S, xrefs: 00007FF8A7C0F68E
now, xrefs: 00007FF8A7C0F613
%Y - %m - %d, xrefs: 00007FF8A7C0F62C
%H:%M, xrefs: 00007FF8A7C0F57A
%J:%M:%S, xrefs: 00007FF8A7C0F331
AliceBlue, xrefs: 00007FF8A7C0F5CD

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: %H%M%S$%H:%M$%H:%M:%S$%J:%M:%S$%M:%S$%Y - %m - %d$%Y%m%d$+$AliceBlue$now
API String ID: 2918714741-785088730
Opcode ID: 8cc4219109180221a37125365c6cb82e6481bf229ae85591e8e1ba171042397c
Instruction ID: 023dcfb832c837fcaf75593f9498608f31d8b714759b83d530eb52f5d54a6419
Opcode Fuzzy Hash: 8cc4219109180221a37125365c6cb82e6481bf229ae85591e8e1ba171042397c
Instruction Fuzzy Hash: F0025832B1E69666FB20CF25E44033EAB91EB817C4F548131DA4D07BE5DE3DE546AB40

Function 00007FF8A7BED9B0 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 272COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7BED9FF

Strings

av_crc_init(av_crc_table[AV_CRC_16_CCITT], 0, 16, 0x1021, sizeof(av_crc_table[AV_CRC_16_CCITT])) >= 0, xrefs: 00007FF8A7BEDAFB
av_crc_init(av_crc_table[AV_CRC_8_ATM], 0, 8, 0x07, sizeof(av_crc_table[AV_CRC_8_ATM])) >= 0, xrefs: 00007FF8A7BED9DB, 00007FF8A7BEDA3B, 00007FF8A7BEDA9B
src/libavutil/crc.c, xrefs: 00007FF8A7BED9D4, 00007FF8A7BEDA34, 00007FF8A7BEDA94, 00007FF8A7BEDAF4, 00007FF8A7BEDB54, 00007FF8A7BEDBB4
av_crc_init(av_crc_table[AV_CRC_24_IEEE], 0, 24, 0x864CFB, sizeof(av_crc_table[AV_CRC_24_IEEE])) >= 0, xrefs: 00007FF8A7BEDB5B
av_crc_init(av_crc_table[AV_CRC_32_IEEE], 0, 32, 0x04C11DB7, sizeof(av_crc_table[AV_CRC_32_IEEE])) >= 0, xrefs: 00007FF8A7BEDBBB
Assertion %s failed at %s:%d, xrefs: 00007FF8A7BED9EB, 00007FF8A7BEDA4B, 00007FF8A7BEDAAB, 00007FF8A7BEDB0B, 00007FF8A7BEDB6B, 00007FF8A7BEDBCB

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_CCITT], 0, 16, 0x1021, sizeof(av_crc_table[AV_CRC_16_CCITT])) >= 0$av_crc_init(av_crc_table[AV_CRC_24_IEEE], 0, 24, 0x864CFB, sizeof(av_crc_table[AV_CRC_24_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE], 0, 32, 0x04C11DB7, sizeof(av_crc_table[AV_CRC_32_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_8_ATM], 0, 8, 0x07, sizeof(av_crc_table[AV_CRC_8_ATM])) >= 0$src/libavutil/crc.c
API String ID: 4206212132-2611614167
Opcode ID: 92c9e43b5e3701d523069e98b3d843c3635d7b65042acc036af35ff1e6a13f27
Instruction ID: 384b9b1fc25ef92d2baf52cb86a0ec3ec77c49445e36ec991a77acde93fbcbea
Opcode Fuzzy Hash: 92c9e43b5e3701d523069e98b3d843c3635d7b65042acc036af35ff1e6a13f27
Instruction Fuzzy Hash: 35A1C4B3F1AA4697E7009F64D8817ED36A1EB84784FC48236D60DC6792EE7CE146E700

Function 00007FF8A7BFED32 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 176libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF8A7BFED8A

Strings

dxgidebug.dll, xrefs: 00007FF8A7BFEF50
d3d11_1sdklayers.dll, xrefs: 00007FF8A7BFED80
Using device %04x:%04x (%ls)., xrefs: 00007FF8A7BFEEEF
DXGIGetDebugInterface, xrefs: 00007FF8A7BFEF65
Failed to create Direct3D device (%lx), xrefs: 00007FF8A7BFF02D
Failed to load D3D11 library or its functions, xrefs: 00007FF8A7BFF00B
debug, xrefs: 00007FF8A7BFED66

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: LibraryLoad
String ID: DXGIGetDebugInterface$Failed to create Direct3D device (%lx)$Failed to load D3D11 library or its functions$Using device %04x:%04x (%ls).$d3d11_1sdklayers.dll$debug$dxgidebug.dll
API String ID: 1029625771-4247103231
Opcode ID: 5e2a214d2a33974e5b6e87ebf4458333bd18d13c46bc31c7c438c065be5d4816
Instruction ID: 754694359c03af3db5957a0d1a1ee1c91ac9b0c3ca8e862af9a9dd0b9c168158
Opcode Fuzzy Hash: 5e2a214d2a33974e5b6e87ebf4458333bd18d13c46bc31c7c438c065be5d4816
Instruction Fuzzy Hash: D2712872B0AB42A2EB508F29E45077E67A0FB84BC8F545132DA8D47BA4DF7DE405E740

Function 00007FF8A7C0C650 Relevance: 16.8, APIs: 1, Strings: 10, Instructions: 299COMMON

Download Yara Rule

Strings

Unable to parse option value "%s", xrefs: 00007FF8A7C0CBAE
max, xrefs: 00007FF8A7C0C7C9
%d%*1[:/]%d%c, xrefs: 00007FF8A7C0CB60
default, xrefs: 00007FF8A7C0C784
-, xrefs: 00007FF8A7C0CA63
min, xrefs: 00007FF8A7C0C7E0
none, xrefs: 00007FF8A7C0C7EF
all, xrefs: 00007FF8A7C0C7FE
The "%s" option is deprecated: %s, xrefs: 00007FF8A7C0CABE
const_values array too small for %s, xrefs: 00007FF8A7C0CB8A

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d%*1[:/]%d%c$-$The "%s" option is deprecated: %s$Unable to parse option value "%s"$all$const_values array too small for %s$default$max$min$none
API String ID: 0-679463259
Opcode ID: 9d9d9a3b7a0190a60b3e1d7de4052083c20cc3d048e1b11ee78faf5db607be51
Instruction ID: c80c2f163aeb0cd4c6e9ce6e8bed67ae332b1277f5193ae624fd2461f147be78
Opcode Fuzzy Hash: 9d9d9a3b7a0190a60b3e1d7de4052083c20cc3d048e1b11ee78faf5db607be51
Instruction Fuzzy Hash: 72E1BF33A0AB8296E7718F14E4407AFB3A4FB85788F144232EA8D57684DF3CD146EB40

Function 00007FF8BFB568B0 Relevance: 16.3, APIs: 6, Strings: 3, Instructions: 567COMMON

Download Yara Rule

APIs

av_malloc_array.AVUTIL-58 ref: 00007FF8BFB56976
av_malloc_array.AVUTIL-58 ref: 00007FF8BFB5698B

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8BFB56D05
src/libswresample/resample.c, xrefs: 00007FF8BFB56CEA, 00007FF8BFB573D2
tap_count == 1 || tap_count % 2 == 0, xrefs: 00007FF8BFB573E1

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_malloc_array
String ID: Assertion %s failed at %s:%d$src/libswresample/resample.c$tap_count == 1 || tap_count % 2 == 0
API String ID: 1862890220-3187375394
Opcode ID: 821feb5264397491c723a34886a4805e0f008ad312c9caf0883d02201ff3be8e
Instruction ID: f13741d8450be293af949bc2605954e4a0c26aa1dba8a58a84938fd3e7cbd5e7
Opcode Fuzzy Hash: 821feb5264397491c723a34886a4805e0f008ad312c9caf0883d02201ff3be8e
Instruction Fuzzy Hash: B4427472D28F8549D6238B78986127AB725FF963C4F51D337EA4E36A55DF2CF0828600

Function 00007FF8A7C04C80 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 398COMMON

Download Yara Rule

Strings

[%s @ %p] , xrefs: 00007FF8A7C04DCB, 00007FF8A7C04E42
Last message repeated %d times, xrefs: 00007FF8A7C052F6
Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8
8, xrefs: 00007FF8A7C0529D

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Last message repeated %d times$ Last message repeated %d times$%s%s%s%s$8$?$[%s @ %p] $[%s]
API String ID: 0-179686365
Opcode ID: ce54885c60954f378c52401b716c70c516f3c7c7a1fae476ce4e39e9d3599150
Instruction ID: fad14397280f9dde9b396e99692d554faa40dc3792357ecd9b7182a5d22c2709
Opcode Fuzzy Hash: ce54885c60954f378c52401b716c70c516f3c7c7a1fae476ce4e39e9d3599150
Instruction Fuzzy Hash: 78F10572A0E68666FB609F11A4407BE67A1FF867C4F444036DE8D07386DE3DE586E780

Function 00007FF8A7C024D0 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 442COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7C0262A
abort.MSVCRT ref: 00007FF8A7C026EF
memcpy.MSVCRT ref: 00007FF8A7C02A6B

Strings

ret >= 0, xrefs: 00007FF8A7C026CB
src/libavutil/imgutils.c, xrefs: 00007FF8A7C026C4
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C026DB

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$abort
String ID: Assertion %s failed at %s:%d$ret >= 0$src/libavutil/imgutils.c
API String ID: 3629556515-2504023021
Opcode ID: 2312a6da2723e7e0594906141bd6e79322ef9e88a15247b0ee1471fd6e159ad7
Instruction ID: f07b4b2a32143b835280aac53789c967370e0ea3137e189913812e930e378d81
Opcode Fuzzy Hash: 2312a6da2723e7e0594906141bd6e79322ef9e88a15247b0ee1471fd6e159ad7
Instruction Fuzzy Hash: FE02DE36A0968196EB60CF15E4403AEB7A0FB897C4F544135DE8E93B98EF3DE446DB40

Function 00007FF8BFBA6CBC Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF8BFBA6CD8
memset.VCRUNTIME140 ref: 00007FF8BFBA6CFC
RtlCaptureContext.KERNEL32 ref: 00007FF8BFBA6D05
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF8BFBA6D1F
RtlVirtualUnwind.KERNEL32 ref: 00007FF8BFBA6D60
memset.VCRUNTIME140 ref: 00007FF8BFBA6D93
IsDebuggerPresent.KERNEL32 ref: 00007FF8BFBA6DB4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF8BFBA6DD5
UnhandledExceptionFilter.KERNEL32 ref: 00007FF8BFBA6DE0

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: 13250969f5b2de30470bf22d6d750f243ba906d20c34ed2405166bb0a67cfad5
Instruction ID: 917ab1229e92aac6c67d73f9844038c5f1eecc0bcd7001cc73b1debfb2aaaab9
Opcode Fuzzy Hash: 13250969f5b2de30470bf22d6d750f243ba906d20c34ed2405166bb0a67cfad5
Instruction Fuzzy Hash: FC313E72609B8186EB609FA4E8507ED7361FB88784F44443ADB8E47B98EF3CD558C710

Function 00007FF6129E3C5C Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6129E3C78
memset.VCRUNTIME140 ref: 00007FF6129E3C9C
RtlCaptureContext.KERNEL32 ref: 00007FF6129E3CA5
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6129E3CBF
RtlVirtualUnwind.KERNEL32 ref: 00007FF6129E3D00
memset.VCRUNTIME140 ref: 00007FF6129E3D33
IsDebuggerPresent.KERNEL32 ref: 00007FF6129E3D54
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6129E3D75
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6129E3D80

Memory Dump Source

Source File: 0000000B.00000002.2221719961.00007FF6129E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6129E0000, based on PE: true

Associated: 0000000B.00000002.2221699491.00007FF6129E0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221759176.00007FF6129E6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221776644.00007FF6129E9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6129e0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
Instruction ID: a41207eb4951f2e0dd3cc359ebe14fa6d1cf226ce5034b6081beddd00fcfaaf1
Opcode Fuzzy Hash: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
Instruction Fuzzy Hash: C0316E72609F8186EB608F66E8403ED7360FB84B58F444839DA4D87B95EFB8D248C704

Function 00007FF8A7C05980 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 408COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C059AF

Strings

cnt >= 0, xrefs: 00007FF8A7C0598F
[, xrefs: 00007FF8A7C059A2
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C05996
?, xrefs: 00007FF8A7C05A39
src/libavutil/lzo.c, xrefs: 00007FF8A7C05984

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: ?$Assertion %s failed at %s:%d$[$cnt >= 0$src/libavutil/lzo.c
API String ID: 4206212132-2884727783
Opcode ID: 7011ca950fc2a7db3eb286879491971854b83ca07a450eddb1490616219303e7
Instruction ID: a317324767a189a2caeafdb4043b72bd91389bd0ed278b701f5de7dec01bff23
Opcode Fuzzy Hash: 7011ca950fc2a7db3eb286879491971854b83ca07a450eddb1490616219303e7
Instruction Fuzzy Hash: FCE11672B1F662A7EB608E11A144B7D6AA2FB447C0F958131CE4D07780EA7DF606E780

Function 00007FF8A7BEBE20 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 216COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7BEC141

Strings

ambisonic %d, xrefs: 00007FF8A7BEBF01
src/libavutil/channel_layout.c, xrefs: 00007FF8A7BEC116
Assertion %s failed at %s:%d, xrefs: 00007FF8A7BEC12D
channel_layout->order == AV_CHANNEL_ORDER_CUSTOM, xrefs: 00007FF8A7BEC11D

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$ambisonic %d$channel_layout->order == AV_CHANNEL_ORDER_CUSTOM$src/libavutil/channel_layout.c
API String ID: 4206212132-610793534
Opcode ID: 4154b1103f2502a80824f1cfea4b5c08add524b0e9befcb9efd5374d9646e1ef
Instruction ID: 736b549178fef7aeb4e45e53534e3a2215a533883e69db762d05b65170e1e6a9
Opcode Fuzzy Hash: 4154b1103f2502a80824f1cfea4b5c08add524b0e9befcb9efd5374d9646e1ef
Instruction Fuzzy Hash: 6E7129F3F2994643E7254B34D80176D5182EF947E0F4CD235E90AD6B85EA2CE5829B41

Function 00007FF8A7C646C0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C64707

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7C646F3
src/libavutil/utils.c, xrefs: 00007FF8A7C646DC
(state[4] & 3) == 3, xrefs: 00007FF8A7C646E3
n, xrefs: 00007FF8A7C646FA

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: (state[4] & 3) == 3$Assertion %s failed at %s:%d$n$src/libavutil/utils.c
API String ID: 4206212132-3394967418
Opcode ID: f745146a8868629358c2eef4edc24f02b811a2bcba902581bbe48fb0424e79ec
Instruction ID: 5925a15c5381c954dafe1ab4907431e5c776cfa9ca2d49d278a4f8d67df20e59
Opcode Fuzzy Hash: f745146a8868629358c2eef4edc24f02b811a2bcba902581bbe48fb0424e79ec
Instruction Fuzzy Hash: 22217E6391E98256F7519E3C988427E72D2EB43BE5F951332E52AC25D0EF3CDB85D200

Function 00007FF8A7BEBA70 Relevance: 7.8, Strings: 6, Instructions: 250COMMON

Download Yara Rule

Strings

NONE, xrefs: 00007FF8A7BEBB96
%d channels (, xrefs: 00007FF8A7BEBB71
%d channels, xrefs: 00007FF8A7BEBB5E
@%s, xrefs: 00007FF8A7BEBC1D
AMBI%d, xrefs: 00007FF8A7BEBDD8
USR%d, xrefs: 00007FF8A7BEBCE0

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d channels$%d channels ($@%s$AMBI%d$NONE$USR%d
API String ID: 0-1306170362
Opcode ID: b58385b35ee8c0576a5674ace7b060eb4fb2608f8c8b053f2f6c87950b102242
Instruction ID: d742082da5c1132ff05691024952c9523479acfaf9a47d901418c1ebc5b6bfde
Opcode Fuzzy Hash: b58385b35ee8c0576a5674ace7b060eb4fb2608f8c8b053f2f6c87950b102242
Instruction Fuzzy Hash: 2E91E2F2F1A557A2EB298E15A841E7E2691EF44BD0F44C031DD0E47785ED2CA982F740

Function 00007FF8A7C8DAA0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON

Download Yara Rule

Strings

pow, xrefs: 00007FF8A7C8DBCF, 00007FF8A7C8DCFE, 00007FF8A7C8E0AC

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: pow
API String ID: 0-2276729525
Opcode ID: 4e4d1c9717f4655b5bbf70594396bdc5da546f85907a2c9caf3bda01d7e980ea
Instruction ID: ad3253eeb9ed91d3acb5b4118f4449af5ee6003786deda06ecba9f0f36533701
Opcode Fuzzy Hash: 4e4d1c9717f4655b5bbf70594396bdc5da546f85907a2c9caf3bda01d7e980ea
Instruction Fuzzy Hash: CCD1D822D0EA52B5F7625E25645037E6794EF5A3D0F208332EA8D361D9DF6DF881B380

Function 00007FF8A7C25B00 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 253COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C25E9A

Strings

src/libavutil/tx.c, xrefs: 00007FF8A7C25E6F
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C25E86
', xrefs: 00007FF8A7C25E8D

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: '$Assertion %s failed at %s:%d$src/libavutil/tx.c
API String ID: 4206212132-3565471776
Opcode ID: ec47289fc772912451eea82ccb2b1043ae62ca5012e7b26885c9d820250d193f
Instruction ID: 7cb0b36817467d3b91d57c71483ab71b7199a33236187afcba7e0e81b6a7ac6f
Opcode Fuzzy Hash: ec47289fc772912451eea82ccb2b1043ae62ca5012e7b26885c9d820250d193f
Instruction Fuzzy Hash: 02A10672A0A68196D760DF18E5403BEB7A1FB887D4F545035EA4E83764EF3DE841DB40

Function 00007FF8A7BED5C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF8A7BED5CD
GetProcessAffinityMask.KERNEL32 ref: 00007FF8A7BED5E0

Strings

overriding to %d logical cores, xrefs: 00007FF8A7BED69D
detected %d logical cores, xrefs: 00007FF8A7BED6C3

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID: detected %d logical cores$overriding to %d logical cores
API String ID: 1231390398-3421371979
Opcode ID: 2e9904b101b569c18024893eab007079966040748388d549111c530203c0def7
Instruction ID: 1689dc2f56e2e3a7387cd6fea0b2fbda783f6e9ed604b1b6076feda429761ad4
Opcode Fuzzy Hash: 2e9904b101b569c18024893eab007079966040748388d549111c530203c0def7
Instruction Fuzzy Hash: 1D21C1A3B2A90617E7144E29EC0136D1292FB987A0F4DD136DA0EC7B95FD7CE602C341

Function 00007FF8A7BE1C30 Relevance: 4.2, APIs: 3, Instructions: 497COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7BE1EA6
memcpy.MSVCRT ref: 00007FF8A7BE1EBB

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 403baa3e1a488a5a0e7543da01e81e3aaffd6a2fe1ed6e15f3cbc0658172d83e
Instruction ID: db084ec03c3f68684de0ba84037f39e0ce36cbc662e01db52289ebfe06e1b92d
Opcode Fuzzy Hash: 403baa3e1a488a5a0e7543da01e81e3aaffd6a2fe1ed6e15f3cbc0658172d83e
Instruction Fuzzy Hash: 6032EFB2A0DBC096E7658F29E4403EEBBA1F795384F058126DBC943B56DB3CE165DB00

Function 00007FF8A7C90640 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7C90754

Strings

__powi, xrefs: 00007FF8A7C90761

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: __powi
API String ID: 2918714741-2331859415
Opcode ID: 1ed4b1acd7149e56c63c0e5b63662fa1acdc3d18d69be49f294a8596855a1eb9
Instruction ID: fa6070f604dd55176af1927712dc1ea4d911a8a70b3d8489bcedce07031c5ef9
Opcode Fuzzy Hash: 1ed4b1acd7149e56c63c0e5b63662fa1acdc3d18d69be49f294a8596855a1eb9
Instruction Fuzzy Hash: 51517820E1EE47F5FBD64EA4996033A2364EFA67C8E149336D94D364C1EF1DA9C2A500

Function 00007FF8A7BE3B87 Relevance: 3.5, APIs: 2, Instructions: 484COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 238db13e466d98e71d78f61cae172d4804caeca104bc3b3bb4d467ddbb97d8ec
Instruction ID: 80f0480e9535fa13cceff6a4ff83e0c27d721e0bc7464f3f120ca7c0307cc5f9
Opcode Fuzzy Hash: 238db13e466d98e71d78f61cae172d4804caeca104bc3b3bb4d467ddbb97d8ec
Instruction Fuzzy Hash: 2422B0B2A0E7D5A9D7208E15A0403FEB7A1FB85BC0F544135EA9D53789EF2CE542E701

Function 00007FF8A7BEB030 Relevance: 3.1, APIs: 2, Instructions: 87stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7BEAE10: strlen.MSVCRT ref: 00007FF8A7BEAE26
Part of subcall function 00007FF8A7BEAE10: memcmp.MSVCRT ref: 00007FF8A7BEAEA5

strtol.MSVCRT ref: 00007FF8A7BEB0F6
_errno.MSVCRT ref: 00007FF8A7BEB0FE

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errnomemcmpstrlenstrtol
String ID:
API String ID: 1078869015-0
Opcode ID: 4e62ed5a4916453a6424c7a293e756ef9a25259ab9570582f9bd8a4894d05afe
Instruction ID: e75a6d0fa2a6c260933a27e57d6db748f3e5c6a0a3c4ef7f0cfaa9ddf2af531e
Opcode Fuzzy Hash: 4e62ed5a4916453a6424c7a293e756ef9a25259ab9570582f9bd8a4894d05afe
Instruction Fuzzy Hash: C2217FB3B2A50653EB5C8925DC2233D52C39B947B0F4CC139DE0AC6785F93C99968702

Function 00007FF8A7C89720 Relevance: 3.0, APIs: 2, Instructions: 39timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 00007FF8A7C89739
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A7C89760

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Time$FileInformationSystemZone
String ID:
API String ID: 2921752741-0
Opcode ID: a6735fc188ae2be04b6747e7321527e39212664d39bbfa2ed8a26b191bdbbc72
Instruction ID: a59717a95d1f357371eb225311622db58c17db1eb36db5a26792d9ba6faa0d99
Opcode Fuzzy Hash: a6735fc188ae2be04b6747e7321527e39212664d39bbfa2ed8a26b191bdbbc72
Instruction Fuzzy Hash: CF01D4B2B1854652EF68DF21F41037DA291EB547D4F08C131EA9E96798EF2CD445D700

Function 00007FF8A7C26350 Relevance: 1.7, Strings: 1, Instructions: 449COMMON

Download Yara Rule

Strings

%i: , xrefs: 00007FF8A7C2696A

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %i:
API String ID: 0-3112360579
Opcode ID: 56225696255aec5cf75f5aaaa0dab9d34a63c7dc86180539428f912345232fc3
Instruction ID: fab2023514668f6b7ba95948a9b7cfe04e7f2c624554433edccd0da8386f6517
Opcode Fuzzy Hash: 56225696255aec5cf75f5aaaa0dab9d34a63c7dc86180539428f912345232fc3
Instruction Fuzzy Hash: 65020173A0AB9292DB24DF28C46027C73A0FB60B88F654135CB5D23B90DF79E951D790

Function 00007FF8A7C25350 Relevance: 1.6, Strings: 1, Instructions: 329COMMON

Download Yara Rule

Strings

, xrefs: 00007FF8A7C25365, 00007FF8A7C2542D, 00007FF8A7C254AB, 00007FF8A7C25522, 00007FF8A7C2559D, 00007FF8A7C2561F, 00007FF8A7C25689, 00007FF8A7C256D4

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID: 0-399585960
Opcode ID: 32d18d1ae2b9536030ec3fb165465a0a39662cd1298dc4829aec3954e2195451
Instruction ID: 321f30f898c06f378f0805dbb8a520cc0fa5265464457eefad1f1169449157c8
Opcode Fuzzy Hash: 32d18d1ae2b9536030ec3fb165465a0a39662cd1298dc4829aec3954e2195451
Instruction Fuzzy Hash: 15E14B32A0968697E720AF16E480BAF77A4FB84BC4F514036DF8D43B55DE39E542DB80

Function 00007FF8A7C64840 Relevance: 1.4, Strings: 1, Instructions: 151COMMON

Download Yara Rule

Strings

0123456789abcdef, xrefs: 00007FF8A7C64840

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 0123456789abcdef
API String ID: 0-1757737011
Opcode ID: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
Instruction ID: 51e16081c6b482ad18476224c2e19a345c009c9c52e34290c1843add4c1ca93f
Opcode Fuzzy Hash: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
Instruction Fuzzy Hash: 4E61B8977292F19ED72247A9A810F9CBE56D266B45F1D4289D7C10BF93C212C0B2FB21

Function 00007FF8A7BEB150 Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

%d channels, xrefs: 00007FF8A7BEB273

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %d channels
API String ID: 0-1351059727
Opcode ID: fb37549d1e1a87d1845128c91bcf027e9804e02a172115fddd54d2ad187c1367
Instruction ID: 8e7e5d3e939508498bf9b0966c397bd95f1403badc4e2ab6dad409756cec2b27
Opcode Fuzzy Hash: fb37549d1e1a87d1845128c91bcf027e9804e02a172115fddd54d2ad187c1367
Instruction Fuzzy Hash: 1B41D2B3F0A94662EB198E05BC02A6E1682EF94BF6F48D032DD0946B44FD3C9587E300

Function 00007FF8A7C22B60 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

%02u:%02u:%02u%c%02u, xrefs: 00007FF8A7C22C47

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %02u:%02u:%02u%c%02u
API String ID: 0-3773705257
Opcode ID: 05e44b18eb7a4dcf895f83e0c2975131c3305643ef67c3862a7710349e35a628
Instruction ID: 75d4ca458e715c338658c8846061788336f56ba9bb508a109a946bfd3ce202ad
Opcode Fuzzy Hash: 05e44b18eb7a4dcf895f83e0c2975131c3305643ef67c3862a7710349e35a628
Instruction Fuzzy Hash: F031BFB3F2A5555AFB25EE159C4076E2243F7447C9F898230ED0A4B758F93CE948E380

Function 00007FF8A7BEE9A0 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

9%lld, xrefs: 00007FF8A7BEEADF

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 9%lld
API String ID: 0-1067827528
Opcode ID: 4bf4b89b430cf95bf7994c152801e5258dcff788620b942f10691eac737950a8
Instruction ID: aac66258bdf9d8bbe593212eeb384ab8e848b3510220f25eee4c8d1ae21ae9cf
Opcode Fuzzy Hash: 4bf4b89b430cf95bf7994c152801e5258dcff788620b942f10691eac737950a8
Instruction Fuzzy Hash: A231C1A373594153E757CEA6A8552ED2792F3897CAF84A032FE0B87348E679DD06E100

Function 00007FF8A7BEE820 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

9%lld, xrefs: 00007FF8A7BEE95C

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: 9%lld
API String ID: 0-1067827528
Opcode ID: b7dcea320b78e429be7da6e3a51ac97eece9d04196250d78cf97526035406e98
Instruction ID: 75482ecd64307d908e3b8eb0fcbb6389021084f7207d39a09ea618319d133096
Opcode Fuzzy Hash: b7dcea320b78e429be7da6e3a51ac97eece9d04196250d78cf97526035406e98
Instruction Fuzzy Hash: 8431C6A373195557E752CEA6A4556ED2752F34D7CAFC46032FE0AC7344EA78CD0AE200

Function 00007FF8A7C22CC0 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

%02u:%02u:%02u%c%02u, xrefs: 00007FF8A7C22D5D

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: %02u:%02u:%02u%c%02u
API String ID: 0-3773705257
Opcode ID: fdd9d13a151395552cd65e209512f394c3a647e9cf21eb926f75bca4cb5d8e29
Instruction ID: 4b6e3259478d8558f6cdb222d693cf0b15c1885c81add3b4f7680caea484ecba
Opcode Fuzzy Hash: fdd9d13a151395552cd65e209512f394c3a647e9cf21eb926f75bca4cb5d8e29
Instruction Fuzzy Hash: D4112773528445469B49EF1A88116AD7691F390BC4FC84235EA9BCF344ED3CD709D704

Function 00007FF8A7BEB6A0 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

front left, xrefs: 00007FF8A7BEB743

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: front left
API String ID: 0-959785498
Opcode ID: 23cad181ecbb07febb14ec29e22a05d1089456614179c0b502e2ad97e0cb5eae
Instruction ID: 4d31757ca64a0e2d7078b6bc562258033afbf3fc6c0adc04d079d2808b5c6865
Opcode Fuzzy Hash: 23cad181ecbb07febb14ec29e22a05d1089456614179c0b502e2ad97e0cb5eae
Instruction Fuzzy Hash: 8F11E7D7F3656A43EB604A2DCC01B5901C2D7957A174CD131E809C2F44FC3DE6429642

Function 00007FF8A7C087F0 Relevance: 1.3, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF8A7C08819

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 30d0097c098d0a2c9e6ec4e870c0f712385f61fe009233d20c93c0c5dbd3fad9
Instruction ID: 5a35b87c3d5627300d083c20869375d040a3629af69b65da947ff4898fc4da88
Opcode Fuzzy Hash: 30d0097c098d0a2c9e6ec4e870c0f712385f61fe009233d20c93c0c5dbd3fad9
Instruction Fuzzy Hash: 4311B2A2711B4C52AD08C7AAA8B68B9925AA3ADFD4718F032CE0D5B354DD3CE091C340

Function 00007FF8A7C14920 Relevance: 1.0, Instructions: 994COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e651fe4c88c82812c6238caf3bdcde6ab459b46390ea8f8b4a9699f07545262f
Instruction ID: 1bda1fb4674d5b31257bf7ffee1b08a0ed086879fa134946f1178f46d8c42b44
Opcode Fuzzy Hash: e651fe4c88c82812c6238caf3bdcde6ab459b46390ea8f8b4a9699f07545262f
Instruction Fuzzy Hash: 6572EAB7B251204BE354CF2AE844E46BB92F7D8748B56A114EE56E7F04D23DEA06CF40

Function 00007FF8A7C13C00 Relevance: 1.0, Instructions: 989COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d4f91dbcd3920678f56ce2ea7d672d73a39a89e5afe551f032633b1d0d58bd
Instruction ID: 964c822f9f187339aa42b2d0479b64a4cd5d221fa53f8ffe4ad9e35da9718a6b
Opcode Fuzzy Hash: f1d4f91dbcd3920678f56ce2ea7d672d73a39a89e5afe551f032633b1d0d58bd
Instruction Fuzzy Hash: A0720977B282244B9318CF26E809D4AB796F7D4704B469128EF16D7F08E67DEA058F84

Function 00007FF8A7C03580 Relevance: .7, Instructions: 727COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a118a507555301ea384540139cf8e1fb3b65300ff54bfeb7e4b20e0f2e86e279
Instruction ID: 825945a5556259f70749e368445f0b23942f52eca5ab352ec8e4b425672cc25c
Opcode Fuzzy Hash: a118a507555301ea384540139cf8e1fb3b65300ff54bfeb7e4b20e0f2e86e279
Instruction Fuzzy Hash: 0A52066361D2A186E3648F69A400B3FF6A1FBD4781F10A129EFC993B99E73CD540DB50

Function 00007FF8A7C06820 Relevance: .6, Instructions: 593COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36dddfe8cf3ff9be88c3b72cff50abe549f3a298be1906c93472ea6cf2cfdb2f
Instruction ID: 007f1cdac85b1506e5642b27f7d6de429fec37263e68defc195738d4fe4c1d0b
Opcode Fuzzy Hash: 36dddfe8cf3ff9be88c3b72cff50abe549f3a298be1906c93472ea6cf2cfdb2f
Instruction Fuzzy Hash: 7912A377B6016047D76CCF36E816F993796E399758389E12C9A02D7F08DA3DD90ACB80

Function 00007FF8A7C23560 Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8160ea691a23e1b632a407eca822979379531e44aeec8686b9d2442b5e3ae57d
Instruction ID: e355a2c61ded5fb36f52494d659d3e468a2e4d016f01e8ff13a5ab7e0ee8a32e
Opcode Fuzzy Hash: 8160ea691a23e1b632a407eca822979379531e44aeec8686b9d2442b5e3ae57d
Instruction Fuzzy Hash: AA22C272B2AA4592DB60EF16E44492E7769FB85FC4B518136EF5E8B744DF38E400E380

Function 00007FF8A7C2CBE0 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff40ba625cf61736bb64c8bdf5840a366f4253e3d55665abfb5f43b414cbf64c
Instruction ID: 0aad16de59d5f99e6ef9f203eebbdea646d0e7253b1ff685105ca5ddef630061
Opcode Fuzzy Hash: ff40ba625cf61736bb64c8bdf5840a366f4253e3d55665abfb5f43b414cbf64c
Instruction Fuzzy Hash: 9722C462E29F904ED353CE75945223A6B58FFA67C4B41D323EE4B76B12DB34E5868200

Function 00007FF8A7C109B0 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d0debf0142da6a9273804bc82d00e17f960341957d4bf9a7368440b236c8168
Instruction ID: 2ad341d6817ac2dca6a57e0e8f244b59258a04ef193d7ce7795660a876ef74cd
Opcode Fuzzy Hash: 5d0debf0142da6a9273804bc82d00e17f960341957d4bf9a7368440b236c8168
Instruction Fuzzy Hash: E702E273F9AA91B6EB758F10A102E7C7FA0FB50B85F559039D74E13B80DA38A955E300

Function 00007FF8A7C42B80 Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5050afa32f6ddfb6a114996f9f218715255f7c7b544984919c9caa6235c0bb16
Instruction ID: e2b680fe19b0c9c06e55166ed6ccba07f906bd679ce67be724260e69ff4a7c55
Opcode Fuzzy Hash: 5050afa32f6ddfb6a114996f9f218715255f7c7b544984919c9caa6235c0bb16
Instruction Fuzzy Hash: 39221432E28A8C96C712CE77948517D3B10FBAE7C4B59EB16EE05727A2DB34F1849700

Function 00007FF8A7BE7260 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a7950f2253a1c48c8c137fbc100e25f2fe9e5a0653b74c0b8ed70f9fb77fc6
Instruction ID: 880753f4b1e7438386be3a51d789a5e5db7a55ccdead1d12a386dab50ea39a3e
Opcode Fuzzy Hash: 81a7950f2253a1c48c8c137fbc100e25f2fe9e5a0653b74c0b8ed70f9fb77fc6
Instruction Fuzzy Hash: 3C1284732108148BD391CF5EE8C0E5DB7D1F798B4EB629324EB4693B61D632A863D790

Function 00007FF8A7C11160 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f7b787218cfe6dc98328e18f40f484bb36194aafcb0adaf6dc1dee95f7ee729
Instruction ID: ca9363cc01e3b1451cb20fca4d6b9591381f298c801a65f1bfcac4f17d15eb21
Opcode Fuzzy Hash: 6f7b787218cfe6dc98328e18f40f484bb36194aafcb0adaf6dc1dee95f7ee729
Instruction Fuzzy Hash: 6BB1D2B7F1AA8497DB748F54E042EBD7BB0FF54B84F459075CB0A53B80E62CA915A300

Function 00007FF8A7BE9D50 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b431d04f8cfd326d065826c0ea4a07768d4831b2dc7686569c959b8d95ae5da
Instruction ID: 4af2d01b7848f3a022ad8f99174974bba732e7eede495c17844ca35a8ae08eb3
Opcode Fuzzy Hash: 1b431d04f8cfd326d065826c0ea4a07768d4831b2dc7686569c959b8d95ae5da
Instruction Fuzzy Hash: 20B1C1A260A5C06AEB198F7698206EF6BA0EB5DBC4F44E032DFDD4B746DD2CD245D301

Function 00007FF8A7BEA520 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd04e1f6e5b77fd235431d6daf680498f867f8c369b5541b7e47b1bcb3da3638
Instruction ID: 8bd33862888c1fae510d53c8ca831b2cb035d662b991f24dbb22f92a23b6e9b3
Opcode Fuzzy Hash: bd04e1f6e5b77fd235431d6daf680498f867f8c369b5541b7e47b1bcb3da3638
Instruction Fuzzy Hash: 94B1CD735006588FD348DF6ED85843E7BA2F7D8B59B9B0229DB4317780EB706826DB90

Function 00007FF8A7BEA1B0 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c26bc9e0afa6a36dad590029bfac38e6475024b67d277dcd255fc33b8d7af121
Instruction ID: d29e0def2814247105a88675a651c2fdc66cd3e80cc4daae0afd3252ac3ae397
Opcode Fuzzy Hash: c26bc9e0afa6a36dad590029bfac38e6475024b67d277dcd255fc33b8d7af121
Instruction Fuzzy Hash: B2B17F33A001A48FD788CF6ED89887D37A3E7C871179B832ADB4553789DA746809DBD0

Function 00007FF8A7C02F20 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f169184c6d2b13734529f87c174bec29b0316c2a188a1d7a05902af3d816c2
Instruction ID: 5b160a82e91b71d4c18ee6dcf6cd0ce876b3d320e06b0d8d19979e41d5f8aaf0
Opcode Fuzzy Hash: 99f169184c6d2b13734529f87c174bec29b0316c2a188a1d7a05902af3d816c2
Instruction Fuzzy Hash: D7919C91B2E16263FB698E5D840173EA695FF11BC0F40A03DDD4E47780DA2EE782D780

Function 00007FF8A7BE6E70 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
Instruction ID: 5ecff00a341bd34dbe8412c3541c4df4444f7e048cbc0b7a87d7250357c9fd73
Opcode Fuzzy Hash: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
Instruction Fuzzy Hash: 45A130720198148BE34BCF5E948021EB3E1FB48A9FB616710EF4F87661D636AE63D750

Function 00007FF8A7C244D0 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
Instruction ID: 12688690c1760798c70147a3f751e1435f1b4607293789735b5acae809f700be
Opcode Fuzzy Hash: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
Instruction Fuzzy Hash: BE91D2231092E0AED306CF3A96449AE7FE0F71E788B9AD151DF954BB47C238E612D750

Function 00007FF8A7BE9A50 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
Instruction ID: 202b5fd875c05523ccb4d851c8da61d4de08a77a214321c6a3c3ca05a2bd2b59
Opcode Fuzzy Hash: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
Instruction Fuzzy Hash: E2616DE27064655AEF989F368D612AE1395BB4CBC1F81F832DD4D87385ED2CD846C342

Function 00007FF8A7C130A0 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
Instruction ID: 3c1058904d314fbb08cbd148c735892433696fa0212d2bfe58223f622ad06f5e
Opcode Fuzzy Hash: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
Instruction Fuzzy Hash: B7511762B1A3E541DB349E2B7900BAAA6C9FB48FC8F4990359D0D5BF86DA3CE4425300

Function 00007FF8A7BEE4C0 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
Instruction ID: 2bafac606200386496d90e29086f2d7cffe6652dee9c78889bc98c5954046c62
Opcode Fuzzy Hash: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
Instruction Fuzzy Hash: 9E418662F0650213FF19ED76AC5906E5697BBC87D87049139EE0F8BB8DED78E482D240

Function 00007FF8A7C21E10 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
Instruction ID: a65e7671d7d4234779d244854c6469e6454d5de9b305a3e8d6571c9e862b63af
Opcode Fuzzy Hash: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
Instruction Fuzzy Hash: AC51C373A0A2C1ABD71A9F25A9046ADBFE0FB19788B488035DF9D43B45C63CE651D710

Function 00007FF8A7BED210 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
Instruction ID: 3441bcb72072f3258c4f8cfcb1dc662fe98a9b365de27eacd00a944ddf9a4148
Opcode Fuzzy Hash: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
Instruction Fuzzy Hash: FE41C0F3F1A40657EB784D69D841B3D1780EB64FE8B089135ED1AD6BC0E9ACE9839241

Function 00007FF8A7C12B40 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
Instruction ID: 8d6d4f458ec70918791298f2c2a6be5ad1943599190d38b2e0ca28eb74cf46a8
Opcode Fuzzy Hash: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
Instruction Fuzzy Hash: C9414602F1A2E10BC7924EFF4DD922DADD2158E44638CC77AA7D4C52DFD86CE20E6614

Function 00007FF8A7BECCE0 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
Instruction ID: 21f633414c77e090d33c072abb32113d25f3c41e5975d298bf5935da420e7fed
Opcode Fuzzy Hash: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
Instruction Fuzzy Hash: F241D5F3F3A84503EB6C8A29CC057285183A7E47B174CD235D91ACAFC8F83DEA569542

Function 00007FF8A7C128B0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
Instruction ID: 0a24dedc9a0a57ffe617537608a8400275a41b98e14bb4ea312f375e18c72059
Opcode Fuzzy Hash: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
Instruction Fuzzy Hash: 8741A2522380F00AC76E1F3D293AA39BE92725664774EE36EFE8342AC7D41D8910A714

Function 00007FF8A7BE13A0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e751435a9f45e6580fe7b108adce3f96b0c8069535fb2d3307a909beff15caba
Instruction ID: 8c6ea9d5432440140b9cfa714aa7baff92c3242500218ec55f8ea40acf4a581a
Opcode Fuzzy Hash: e751435a9f45e6580fe7b108adce3f96b0c8069535fb2d3307a909beff15caba
Instruction Fuzzy Hash: 443168A3F6126A13EF198B596C02BB89441AF447D9F449231ED1E5BBC9F43CD947E200

Function 00007FF8A7BED030 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66cb80125cf637f8d0b0a114fc56422192b4e9792f88120ada6a7116402668c2
Instruction ID: a1ad1bd5ac1ad5a3da36552841876362552d8fad1d966ba1b0b9826b301edc3f
Opcode Fuzzy Hash: 66cb80125cf637f8d0b0a114fc56422192b4e9792f88120ada6a7116402668c2
Instruction Fuzzy Hash: 8D3151E7B355B943EB7C4639C856B2C0191D765BB0B8CE439DD4AC2F81E81EE6428F42

Function 00007FF8A7BE1990 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f50bf9d45b07f9fed7a8078693abee7f23351cad672a747608ffeb063cebe12d
Instruction ID: 4499982772650415fa68788e99b924cd414b49e6e828eec40e5823d0d44b1925
Opcode Fuzzy Hash: f50bf9d45b07f9fed7a8078693abee7f23351cad672a747608ffeb063cebe12d
Instruction Fuzzy Hash: 06518F73108AE58AD792DB64D448BED3BA4F71D384FA64471DBAC83712EBB5D890D700

Function 00007FF8A7BE1730 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 860bab9d395cf43ed3b1cf56782110bfed2c0c3dddb8109515e6473b81413bd7
Instruction ID: e33df7ff0de53a4df0c352df232dec682c4ea03755cf591b1af5e47ed5b95cf4
Opcode Fuzzy Hash: 860bab9d395cf43ed3b1cf56782110bfed2c0c3dddb8109515e6473b81413bd7
Instruction Fuzzy Hash: 96518E73508AE186E792DB64D448BEE7BA4F718384FA68471CBEC83702DBA5D990D700

Function 00007FF8A7C033E0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf754ad211c098a8f34c6fa0d70b3b75da22e1392d81fac143d3245663dd1af9
Instruction ID: d62f3ee82f61522c2a5c28bcc0d5e038748908fa788f4fdf90f99940016618ff
Opcode Fuzzy Hash: bf754ad211c098a8f34c6fa0d70b3b75da22e1392d81fac143d3245663dd1af9
Instruction Fuzzy Hash: B741D4A673C0B263F3354B08E001D2EFBA1FB42FC1B54A214DBA416E94C66AD659EF54

Function 00007FF8A7C24330 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51b6c65e6f8fbbfa1a7d368a2725116908e408c53695cc2cda4a45b28fc02054
Instruction ID: f1cb3f17c000513af1f2a7fe4f464e8e0a2476b0fa6296fc1f4e410c42510e0b
Opcode Fuzzy Hash: 51b6c65e6f8fbbfa1a7d368a2725116908e408c53695cc2cda4a45b28fc02054
Instruction Fuzzy Hash: 12417E731046648BD301CF2AE980A9AB7E2F398B4CFA5D225DF4257356D739A907CB80

Function 00007FF8A7BEB460 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b83fdb0131200dfce48832797b5ce1ee65e01df28847898595a6ba08a50e8d6
Instruction ID: 9ff78d19f6ad1a3eb3fd0f5dff5c944c6df9c6ed44593c271d71de568142c779
Opcode Fuzzy Hash: 1b83fdb0131200dfce48832797b5ce1ee65e01df28847898595a6ba08a50e8d6
Instruction Fuzzy Hash: A82150E7F3186A07EB78427DEC16F1404C255B977434CE135E906D6F81F42EEA524A83

Function 00007FF8A7C02D20 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9accf3f83477c77ce7ab5b6679156a875be267288f965f0b915796913070d0d7
Instruction ID: 7eed5754b1834e89ad7b281dee9995115732208a055216060500222a49c2bc36
Opcode Fuzzy Hash: 9accf3f83477c77ce7ab5b6679156a875be267288f965f0b915796913070d0d7
Instruction Fuzzy Hash: 1121299B7315F903FB010ABE6D056759982A188BF73499732ECA8E77CDC478DC519290

Function 00007FF8A7C02BF0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a414ea0c491aecb8e1acee4f50acb857c601688e8d49eddf1fb7be55f6bcb7eb
Instruction ID: 7a5d0e89ee220409aea0cd3b8462f96d225d0e593cd00c887ba69c6791ff7a16
Opcode Fuzzy Hash: a414ea0c491aecb8e1acee4f50acb857c601688e8d49eddf1fb7be55f6bcb7eb
Instruction Fuzzy Hash: 7F213E9FF656BA03FB1846AF6C412786280E648BF63489732DDDDE77CAD47C890291D0

Function 00007FF8A7BEC1A0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13f149c23a356f76f238516a0c29d6d6da4b78dcaf03ebe63ea6bb4be2698659
Instruction ID: 4eca7cc1d8becbe433940e1160ffcb59a520695667363a121ec98fb3efea1781
Opcode Fuzzy Hash: 13f149c23a356f76f238516a0c29d6d6da4b78dcaf03ebe63ea6bb4be2698659
Instruction Fuzzy Hash: 7D21B5FBF390A557EB754B2DD400F2C1A41A361BF4698E134C91E83F80E916DA42AF02

Function 00007FF8A7BED700 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e375ad6e9128b21d2b8073199f54bc1e05150e57f45dacb5095166fe167bd8
Instruction ID: 171779ec982a4b95c811b61005e3e378ac16f4dd49ed5def7ee2ace1a9a9b0df
Opcode Fuzzy Hash: b6e375ad6e9128b21d2b8073199f54bc1e05150e57f45dacb5095166fe167bd8
Instruction Fuzzy Hash: F6213673B708AA47D7508779E846F956990E3A1B4CF98E631E715D3E80D13EE093D740

Function 00007FF8A7BED8D0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
Instruction ID: d2e6b6e738862b8edefd92a4cab8ef1c955b1cae68104d5b19da72838a973db8
Opcode Fuzzy Hash: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
Instruction Fuzzy Hash: 81116DF3B324B20BD7489AB8CC0A3A932C3D3C8746F9CC534E745CAA89D57CE2529604

Function 00007FF8A7BEB790 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
Instruction ID: 553df05bde8730c2af5b775627e87df25167b30be8e249de382e34d587bfc127
Opcode Fuzzy Hash: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
Instruction Fuzzy Hash: B8115EF7F3506A43EB7C055AE826F7905419671BA888CE03DDE0B52F81E81E56415B82

Function 00007FF8A7BEB5C0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
Instruction ID: d48b2549310a57d9e595f68f9dd508c99bf0721b7a51b100cf290c1c9796cb3c
Opcode Fuzzy Hash: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
Instruction Fuzzy Hash: 7711C8D7F3696A47EB604A3DCC42B194182DBE57B178CE431EC09C6F45F83DE6429A42

Function 00007FF8A7BEDEF0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
Instruction ID: c6bd132d479d579003d0fe28ad71f0dcfb3dbf22236c1569930e95e4e782629b
Opcode Fuzzy Hash: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
Instruction Fuzzy Hash: 3F1129B2E050915BEB95CB29D458ABC33D1EB84B84FC58136DA058778CE77CE943E790

Function 00007FF8A7BEB8D0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
Instruction ID: 68929f77910a6eac8f744af91c8fc6a36df83668b6563f2d0cafbdc424f4348f
Opcode Fuzzy Hash: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
Instruction Fuzzy Hash: E4017CE7F3286943DB64867DCC0670400C396F877178CD031A904C6F89F83EE6418A42

Function 00007FF8A7BEB380 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
Instruction ID: 14bd2cacf1174b1c4f3da44626b05ac20a3ec18444f4115fae820648a13c1207
Opcode Fuzzy Hash: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
Instruction Fuzzy Hash: 43F0B7D7F3685A03EB5C456DDC1631401C391E823238DD13ABA47C6B8AF839EA968643

Function 00007FF8A7BE99C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
Instruction ID: bfd3546a5fbb30b6ebab84ceb017d4b00d2b2eaf998771553366fc11d10fd0b9
Opcode Fuzzy Hash: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
Instruction Fuzzy Hash: 28F0AFD9231BB64BEA11A69990D07D69721F30CBC6B70A622DF4D27335CA17A10BCA00

Function 00007FF8BFB88C24 Relevance: 54.6, APIs: 3, Strings: 28, Instructions: 352COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8913D
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89175
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB891AF

Strings

short, xrefs: 00007FF8BFB88CE0
__int8, xrefs: 00007FF8BFB88E2E
char16_t, xrefs: 00007FF8BFB89065
char, xrefs: 00007FF8BFB88CF2
char8_t, xrefs: 00007FF8BFB88F2D
__int16, xrefs: 00007FF8BFB88E1C
bool, xrefs: 00007FF8BFB89056
volatile, xrefs: 00007FF8BFB88FF8
__int64, xrefs: 00007FF8BFB88EC9
auto, xrefs: 00007FF8BFB88F3F
int, xrefs: 00007FF8BFB88CCE
wchar_t, xrefs: 00007FF8BFB890A8
long , xrefs: 00007FF8BFB88D31
<unknown>, xrefs: 00007FF8BFB88F1B
char32_t, xrefs: 00007FF8BFB890B7
long, xrefs: 00007FF8BFB88CBC
const, xrefs: 00007FF8BFB88FDD
volatile, xrefs: 00007FF8BFB89025
decltype(auto), xrefs: 00007FF8BFB890C6
__int32, xrefs: 00007FF8BFB88EDB
unsigned , xrefs: 00007FF8BFB890FA
signed , xrefs: 00007FF8BFB8910A
void, xrefs: 00007FF8BFB88D86
double, xrefs: 00007FF8BFB88D48
float, xrefs: 00007FF8BFB88D74
__w64 , xrefs: 00007FF8BFB88E3A
__int128, xrefs: 00007FF8BFB88EB7
UNKNOWN, xrefs: 00007FF8BFB8908D

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
API String ID: 2943138195-1388207849
Opcode ID: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
Instruction ID: a3d4887396f8425792d121d257e1f93e13fe2aeb42bf9fec96c1bd4b8e7ecf0c
Opcode Fuzzy Hash: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
Instruction Fuzzy Hash: 37F17072F1861695FB249BACC8942BC27B1BB857C8F408539DB1D16EAADF3DE644C340

Function 00007FF6129E25C0 Relevance: 51.0, APIs: 6, Strings: 23, Instructions: 206COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6129E2570: printf.MSPDB140-MSVCRT ref: 00007FF6129E2587

Part of subcall function 00007FF6129E2530: atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,00000000,00007FF6129E2617,?,?,?,00007FF6129E1BD6,?,?,?,00007FF6129E1A02), ref: 00007FF6129E2552

puts.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF6129E1BD6,?,?,?,00007FF6129E1A02), ref: 00007FF6129E28DF

Strings

video color range, xrefs: 00007FF6129E274F
audio codec, xrefs: 00007FF6129E2809
video track count, xrefs: 00007FF6129E2601
video colorspace, xrefs: 00007FF6129E2731
video width, xrefs: 00007FF6129E26B9
video chroma sample location, xrefs: 00007FF6129E276D
Invalid number of video tracks, xrefs: 00007FF6129E28D8
video codec tag, xrefs: 00007FF6129E27DE
Must have at least 1 audio track or 1 video track, xrefs: 00007FF6129E266A
muxer settings, xrefs: 00007FF6129E28BA
video max luminance, xrefs: 00007FF6129E278B
audio track count, xrefs: 00007FF6129E261F
Invalid number of audio tracks, xrefs: 00007FF6129E2652
video bitrate, xrefs: 00007FF6129E269B
video fps num, xrefs: 00007FF6129E27A9
video color trc, xrefs: 00007FF6129E2713
stream key, xrefs: 00007FF6129E2872
video color primaries, xrefs: 00007FF6129E26F5
{stream_key}, xrefs: 00007FF6129E2897
video codec, xrefs: 00007FF6129E267D
video height, xrefs: 00007FF6129E26D7
file name, xrefs: 00007FF6129E25E1
video fps den, xrefs: 00007FF6129E27C7

Memory Dump Source

Source File: 0000000B.00000002.2221719961.00007FF6129E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6129E0000, based on PE: true

Associated: 0000000B.00000002.2221699491.00007FF6129E0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221759176.00007FF6129E6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221776644.00007FF6129E9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6129e0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: atoiprintfputs
String ID: Invalid number of audio tracks$Invalid number of video tracks$Must have at least 1 audio track or 1 video track$audio codec$audio track count$file name$muxer settings$stream key$video bitrate$video chroma sample location$video codec$video codec tag$video color primaries$video color range$video color trc$video colorspace$video fps den$video fps num$video height$video max luminance$video track count$video width${stream_key}
API String ID: 3402752964-4246942696
Opcode ID: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
Instruction ID: eed2c146cca60c0d963b2ce6915b933017f756714517ffcee7a7d4939a5df369
Opcode Fuzzy Hash: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
Instruction Fuzzy Hash: E2815D74D08F5295FA14DB5BAA144F82391BF09FA8B8108B2DD1D87697EFBCE50AC300

Function 00007FF6129E1C50 Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 215COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E1C70
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E1C8E
fprintf.MSPDB140-MSVCRT ref: 00007FF6129E1C9E

Part of subcall function 00007FF6129E2320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF6129E29D8,?,?,?,00007FF6129E12F1), ref: 00007FF6129E2357

os_event_wait.OBS ref: 00007FF6129E1CEF
pthread_mutex_lock.W32-PTHREADS ref: 00007FF6129E1D0F
memcpy.VCRUNTIME140 ref: 00007FF6129E1D5D
memcpy.VCRUNTIME140 ref: 00007FF6129E1D76
memcpy.VCRUNTIME140 ref: 00007FF6129E1E2D
memcpy.VCRUNTIME140 ref: 00007FF6129E1E48
os_event_signal.OBS ref: 00007FF6129E1EB8
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E200F

Strings

Error allocating memory for output, xrefs: 00007FF6129E1C97
Error writing to '%s', %s, xrefs: 00007FF6129E1FC3

Memory Dump Source

Source File: 0000000B.00000002.2221719961.00007FF6129E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6129E0000, based on PE: true

Associated: 0000000B.00000002.2221699491.00007FF6129E0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221759176.00007FF6129E6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221776644.00007FF6129E9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6129e0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$__acrt_iob_func__stdio_common_vfprintffclosefprintfmallocos_event_signalos_event_waitpthread_mutex_lock
String ID: Error allocating memory for output$Error writing to '%s', %s
API String ID: 2637689336-4070097938
Opcode ID: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
Instruction ID: 398a1c34ad86d4a335044f400af7b12b3410a7c5db1a93b4bdb5706d6ef932a8
Opcode Fuzzy Hash: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
Instruction Fuzzy Hash: 4BA15B72A08E8285E7519F2BE4403FD6360FB88FA8F480835DE8D8775ADFB8D5448750

Function 00007FF8BFB58C00 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 105COMMON

Download Yara Rule

APIs

av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58C44
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58C63
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58C82
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58CA3
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58CC4
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58CE5
av_get_channel_layout_nb_channels.AVUTIL-58 ref: 00007FF8BFB58CFE
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58D15
av_get_channel_layout_nb_channels.AVUTIL-58 ref: 00007FF8BFB58D2A
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58D41
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB58D5C
av_log.AVUTIL-58 ref: 00007FF8BFB58D9C

Strings

Failed to set option, xrefs: 00007FF8BFB58D90
osf, xrefs: 00007FF8BFB58C5C
och, xrefs: 00007FF8BFB58D37
ich, xrefs: 00007FF8BFB58D0B
uch, xrefs: 00007FF8BFB58D55
isr, xrefs: 00007FF8BFB58CDE
osr, xrefs: 00007FF8BFB58C7B
icl, xrefs: 00007FF8BFB58C9C
isf, xrefs: 00007FF8BFB58CBD
ocl, xrefs: 00007FF8BFB58C2B

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_get_channel_layout_nb_channels$av_log
String ID: Failed to set option$ich$icl$isf$isr$och$ocl$osf$osr$uch
API String ID: 2637049493-2814753009
Opcode ID: 0f1e360016396a0d2e4be37984f8ca9eacfdb0712dded5c64320b3a02cc610f5
Instruction ID: 0e689b8d55b0c7b49d82f27d39ea8c1a0840d56860de8a25cda274833b01f6fe
Opcode Fuzzy Hash: 0f1e360016396a0d2e4be37984f8ca9eacfdb0712dded5c64320b3a02cc610f5
Instruction Fuzzy Hash: F0413F62B0CA4251FA10ABD9F4906BAB7A1EF997C4F401031DF4D87A99EF3DE405C700

Function 00007FF8A7BF0410 Relevance: 36.1, APIs: 24, Instructions: 131COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7BF043E
_aligned_free.MSVCRT ref: 00007FF8A7BF0475
_aligned_free.MSVCRT ref: 00007FF8A7BF04AD
_aligned_free.MSVCRT ref: 00007FF8A7BF04DD
_aligned_free.MSVCRT ref: 00007FF8A7BF050D
_aligned_free.MSVCRT ref: 00007FF8A7BF0528
_aligned_free.MSVCRT ref: 00007FF8A7BF0531
_aligned_free.MSVCRT ref: 00007FF8A7BF053A
_aligned_free.MSVCRT ref: 00007FF8A7BF0542
_aligned_free.MSVCRT ref: 00007FF8A7BF054A
_aligned_free.MSVCRT ref: 00007FF8A7BF0553
_aligned_free.MSVCRT ref: 00007FF8A7BF055C
_aligned_free.MSVCRT ref: 00007FF8A7BF0564
_aligned_free.MSVCRT ref: 00007FF8A7BF056C
_aligned_free.MSVCRT ref: 00007FF8A7BF0575
_aligned_free.MSVCRT ref: 00007FF8A7BF057E
_aligned_free.MSVCRT ref: 00007FF8A7BF0586
_aligned_free.MSVCRT ref: 00007FF8A7BF058F
_aligned_free.MSVCRT ref: 00007FF8A7BF0598
_aligned_free.MSVCRT ref: 00007FF8A7BF05A1
_aligned_free.MSVCRT ref: 00007FF8A7BF05A9
_aligned_free.MSVCRT ref: 00007FF8A7BF05B2
_aligned_free.MSVCRT ref: 00007FF8A7BF05BC
_aligned_free.MSVCRT ref: 00007FF8A7BF05C6

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: b1b7e4f8b11abefead583c2dde418006ab1f199e84be47299285f48100eacfdc
Instruction ID: 2a0991ef1c859cce8761611d322c1acfb25988376ddec3d5b27e87859203c811
Opcode Fuzzy Hash: b1b7e4f8b11abefead583c2dde418006ab1f199e84be47299285f48100eacfdc
Instruction Fuzzy Hash: C1511D66B16512A2DB55EF16D89997E2325FF84FC5F024439DE4D473A2CE6CE802E380

Function 00007FF8BFB5B2B0 Relevance: 35.1, APIs: 13, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B314
av_channel_layout_copy.AVUTIL-58 ref: 00007FF8BFB5B32F
av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB5B34F
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B370
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B394
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B3D2
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B3E1
av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB5B3F6
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B413
av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B433
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B477

Strings

isf, xrefs: 00007FF8BFB5B366
ochl, xrefs: 00007FF8BFB5B3EC
isr, xrefs: 00007FF8BFB5B38A
ichl, xrefs: 00007FF8BFB5B345
osr, xrefs: 00007FF8BFB5B429
osf, xrefs: 00007FF8BFB5B409
Failed to set option, xrefs: 00007FF8BFB5B460

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_opt_set_int$av_channel_layout_from_maskav_channel_layout_uninitav_opt_set_chlayout$av_channel_layout_copy
String ID: Failed to set option$ichl$isf$isr$ochl$osf$osr
API String ID: 389780152-1201144049
Opcode ID: c1b362974a6b1451826b30618634720778a4b9fcb98fd731a30a779224ad2209
Instruction ID: f5a66effd7f69c02099ef65bc504f482e5f802d6e7f70058ce57615fc64b7b69
Opcode Fuzzy Hash: c1b362974a6b1451826b30618634720778a4b9fcb98fd731a30a779224ad2209
Instruction Fuzzy Hash: 93417C61B08643A1FE659AA9A4607B6B391FF45BC8F809432DF0D6B685EF7DF108C350

Function 00007FF8A7C18800 Relevance: 34.6, APIs: 12, Strings: 11, Instructions: 88stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C18813
strcmp.MSVCRT ref: 00007FF8A7C1882A
strcmp.MSVCRT ref: 00007FF8A7C18841
strcmp.MSVCRT ref: 00007FF8A7C18858
strcmp.MSVCRT ref: 00007FF8A7C1886F
strcmp.MSVCRT ref: 00007FF8A7C18886
strcmp.MSVCRT ref: 00007FF8A7C1889D
strcmp.MSVCRT ref: 00007FF8A7C188B4
strcmp.MSVCRT ref: 00007FF8A7C188CB
strcmp.MSVCRT ref: 00007FF8A7C188DE
strcmp.MSVCRT ref: 00007FF8A7C188F1
strcmp.MSVCRT ref: 00007FF8A7C18904

Strings

s64, xrefs: 00007FF8A7C188EA
flt, xrefs: 00007FF8A7C18851
s64p, xrefs: 00007FF8A7C188FD
s16, xrefs: 00007FF8A7C18823
dbl, xrefs: 00007FF8A7C18868
s32, xrefs: 00007FF8A7C1883A
fltp, xrefs: 00007FF8A7C188C4
s32p, xrefs: 00007FF8A7C188AD
s16p, xrefs: 00007FF8A7C18896
u8p, xrefs: 00007FF8A7C1887F
dblp, xrefs: 00007FF8A7C188D7

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: dbl$dblp$flt$fltp$s16$s16p$s32$s32p$s64$s64p$u8p
API String ID: 1004003707-1774405992
Opcode ID: c5f0c382e97445bf1fdad9ea523356781cb8596a76fcd8cb5a790a5f3faa4372
Instruction ID: 3b81c2d10bacd7b901d6de3e77fc9df250ad27d78942270a572c2477fc1ce174
Opcode Fuzzy Hash: c5f0c382e97445bf1fdad9ea523356781cb8596a76fcd8cb5a790a5f3faa4372
Instruction Fuzzy Hash: 53319E60B0E542B0FB909E22D96127E9385EF917E0F844432EA9DDA1D1EE1CFA40E312

Function 00007FF8BFB57650 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 309COMMON

Download Yara Rule

APIs

av_freep.AVUTIL-58 ref: 00007FF8BFB57784
av_freep.AVUTIL-58 ref: 00007FF8BFB57791
av_mallocz.AVUTIL-58 ref: 00007FF8BFB5779B
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FF8BFB577BB
av_calloc.AVUTIL-58 ref: 00007FF8BFB5782F
memcpy.MSVCRT ref: 00007FF8BFB578D1
memcpy.MSVCRT ref: 00007FF8BFB57905
av_reduce.AVUTIL-58 ref: 00007FF8BFB57934

Strings

Unsupported sample format, xrefs: 00007FF8BFB57AF0
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB57B1A
src/libswresample/resample.c, xrefs: 00007FF8BFB57B03
Filter length too large, xrefs: 00007FF8BFB579E2

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_freepmemcpy$av_callocav_get_bytes_per_sampleav_malloczav_reduce
String ID: Assertion %s failed at %s:%d$Filter length too large$Unsupported sample format$src/libswresample/resample.c
API String ID: 2174235161-2726094951
Opcode ID: c5a204f5f4996df374bfc84a6a3db035d48d9563b93a9ca167c4fa16f58e0cf6
Instruction ID: e0dd103ba28cb486cd3c03c71b6880c8b0ca7b84325065ce94b7f3b558fed5f1
Opcode Fuzzy Hash: c5a204f5f4996df374bfc84a6a3db035d48d9563b93a9ca167c4fa16f58e0cf6
Instruction Fuzzy Hash: CDD1E372A08A858AD765DBA8E4513BEB7A4FB857C4F108337DB4A67690DF3CE445CB00

Function 00007FF8A7BF6890 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 201COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BF6903
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BF6945
GetFullPathNameW.KERNEL32 ref: 00007FF8A7BF696E
GetFullPathNameW.KERNEL32 ref: 00007FF8A7BF69A2
wcslen.MSVCRT ref: 00007FF8A7BF69C1
_wsopen.MSVCRT ref: 00007FF8A7BF69EB
_sopen.MSVCRT ref: 00007FF8A7BF6A15
wcslen.MSVCRT ref: 00007FF8A7BF6A98
wcscpy.MSVCRT ref: 00007FF8A7BF6AE5
wcscat.MSVCRT ref: 00007FF8A7BF6AF0
_errno.MSVCRT ref: 00007FF8A7BF6B77
wcscpy.MSVCRT ref: 00007FF8A7BF6BB8
wcscat.MSVCRT ref: 00007FF8A7BF6BC4
_errno.MSVCRT ref: 00007FF8A7BF6BCE
_errno.MSVCRT ref: 00007FF8A7BF6BE3

Strings

\\?\UNC\, xrefs: 00007FF8A7BF6BAE
\\?\, xrefs: 00007FF8A7BF6ADB

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno$ByteCharFullMultiNamePathWidewcscatwcscpywcslen$_sopen_wsopen
String ID: \\?\$\\?\UNC\
API String ID: 2611099503-3019864461
Opcode ID: 8b58886237893d285495af4019e8dee8374e10659ea7d6d5ad0572367657074e
Instruction ID: 5bda19db7cba7c5dbd3c4b91699a91ee2e2265ce5c9d7eb9274e32fd248f07c2
Opcode Fuzzy Hash: 8b58886237893d285495af4019e8dee8374e10659ea7d6d5ad0572367657074e
Instruction Fuzzy Hash: 8871B171A0A642A0EB64AF15A42577E26E0FF44BD4F849139EE9E077D5EFBCD442E300

Function 00007FF8A7BFE100 Relevance: 30.1, APIs: 2, Strings: 15, Instructions: 302stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FF8A7BFE144
strtol.MSVCRT ref: 00007FF8A7BFE178

Strings

cu->cuCtxCreate(&hwctx->cuda_ctx, desired_flags, hwctx->internal->cuda_device), xrefs: 00007FF8A7BFE258, 00007FF8A7BFE59C
Calling %s, xrefs: 00007FF8A7BFE1AE, 00007FF8A7BFE1F1, 00007FF8A7BFE25F, 00007FF8A7BFE29C, 00007FF8A7BFE30F, 00007FF8A7BFE36D, 00007FF8A7BFE4D2
Primary context already active with incompatible flags., xrefs: 00007FF8A7BFE520
Using CUDA primary device context, xrefs: 00007FF8A7BFE430
cu->cuDevicePrimaryCtxRetain(&hwctx->cuda_ctx, hwctx->internal->cuda_device), xrefs: 00007FF8A7BFE366, 00007FF8A7BFE3AF
cu->cuCtxPopCurrent(&dummy), xrefs: 00007FF8A7BFE295, 00007FF8A7BFE5DC
-> %s: %s, xrefs: 00007FF8A7BFE3ED, 00007FF8A7BFE610
cu->cuInit(0), xrefs: 00007FF8A7BFE1A7, 00007FF8A7BFE555
cu->cuDevicePrimaryCtxSetFlags(hwctx->internal->cuda_device, desired_flags), xrefs: 00007FF8A7BFE4CB, 00007FF8A7BFE514
primary_ctx, xrefs: 00007FF8A7BFE127
cu->cuDeviceGet(&hwctx->internal->cuda_device, device_idx), xrefs: 00007FF8A7BFE1EA, 00007FF8A7BFE57C
Disabling use of CUDA primary device context, xrefs: 00007FF8A7BFE151
cu->cuDevicePrimaryCtxGetState(hwctx->internal->cuda_device, &dev_flags, &dev_active), xrefs: 00007FF8A7BFE308, 00007FF8A7BFE5BC
%s failed, xrefs: 00007FF8A7BFE3C0, 00007FF8A7BFE5E3
Could not dynamically load CUDA, xrefs: 00007FF8A7BFE48E

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: -> %s: %s$%s failed$Calling %s$Could not dynamically load CUDA$Disabling use of CUDA primary device context$Primary context already active with incompatible flags.$Using CUDA primary device context$cu->cuCtxCreate(&hwctx->cuda_ctx, desired_flags, hwctx->internal->cuda_device)$cu->cuCtxPopCurrent(&dummy)$cu->cuDeviceGet(&hwctx->internal->cuda_device, device_idx)$cu->cuDevicePrimaryCtxGetState(hwctx->internal->cuda_device, &dev_flags, &dev_active)$cu->cuDevicePrimaryCtxRetain(&hwctx->cuda_ctx, hwctx->internal->cuda_device)$cu->cuDevicePrimaryCtxSetFlags(hwctx->internal->cuda_device, desired_flags)$cu->cuInit(0)$primary_ctx
API String ID: 76114499-3193254869
Opcode ID: b1d8503496d87b39853df48a8e21de1adfc12c32e64f3833a9af2b5287376059
Instruction ID: 6a43544d272e66ec00aac6157a590b02844f3ab487f3bf4576d826ff1720da31
Opcode Fuzzy Hash: b1d8503496d87b39853df48a8e21de1adfc12c32e64f3833a9af2b5287376059
Instruction Fuzzy Hash: 27D18E75A0AA42A2EB589F25E4007BE2762FF84BC8F805036DE4E17794DF7DE506E340

Function 00007FF8A7BE8700 Relevance: 28.9, APIs: 12, Strings: 7, Instructions: 414stringCOMMON

Download Yara Rule

APIs

strchr.MSVCRT ref: 00007FF8A7BE87CB

Strings

, xrefs: 00007FF8A7BE89A7, 00007FF8A7BE89C5, 00007FF8A7BE8AB7, 00007FF8A7BE8AD6
", xrefs: 00007FF8A7BE8771, 00007FF8A7BE8DC8
'\'', xrefs: 00007FF8A7BE88BB
<, xrefs: 00007FF8A7BE8742
>, xrefs: 00007FF8A7BE8753
', xrefs: 00007FF8A7BE8C16
&, xrefs: 00007FF8A7BE8926, 00007FF8A7BE8C88, 00007FF8A7BE8CA0

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strchr
String ID: $&$'$>$<$"$'\''
API String ID: 2830005266-2908976646
Opcode ID: 58878a93e8017a577d70043575bf448a998ddca24cee1ed7eb6ac7db7c468040
Instruction ID: 7838997921ad993a6f628bb6cee772313da48b7888dad0c5571a443b134552bf
Opcode Fuzzy Hash: 58878a93e8017a577d70043575bf448a998ddca24cee1ed7eb6ac7db7c468040
Instruction Fuzzy Hash: DAE1AEB0F0FAA264FB649E1164553BE1782EF42BC5F486435DD0D0A3C6ED2EB947A381

Function 00007FF8A7BF0BA0 Relevance: 28.6, APIs: 19, Instructions: 115COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7BF0BD6
_aligned_free.MSVCRT ref: 00007FF8A7BF0C0D
_aligned_free.MSVCRT ref: 00007FF8A7BF0C3D
_aligned_free.MSVCRT ref: 00007FF8A7BF0C6D
_aligned_free.MSVCRT ref: 00007FF8A7BF0C89
_aligned_free.MSVCRT ref: 00007FF8A7BF0C92
_aligned_free.MSVCRT ref: 00007FF8A7BF0C9B
_aligned_free.MSVCRT ref: 00007FF8A7BF0CA3
_aligned_free.MSVCRT ref: 00007FF8A7BF0CAB
_aligned_free.MSVCRT ref: 00007FF8A7BF0CB4
_aligned_free.MSVCRT ref: 00007FF8A7BF0CBD
_aligned_free.MSVCRT ref: 00007FF8A7BF0CC5
_aligned_free.MSVCRT ref: 00007FF8A7BF0CCE
_aligned_free.MSVCRT ref: 00007FF8A7BF0CD7
_aligned_free.MSVCRT ref: 00007FF8A7BF0CE0
_aligned_free.MSVCRT ref: 00007FF8A7BF0CE8
_aligned_free.MSVCRT ref: 00007FF8A7BF0CF1
_aligned_free.MSVCRT ref: 00007FF8A7BF0CFB
_aligned_free.MSVCRT ref: 00007FF8A7BF0D05

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: d09f3d952e3eb66ce5eccd33bd3b0168fb06931170680be69507253bbd36f74d
Instruction ID: cd083823ca4044e08502a53c03c5e5b634fd4256cddf6a3fc6a813e7798a70bd
Opcode Fuzzy Hash: d09f3d952e3eb66ce5eccd33bd3b0168fb06931170680be69507253bbd36f74d
Instruction Fuzzy Hash: 2F413D66B1A511A2EB45EF16D89997E2715FF84FC5F024479DE0D473A2CE3CE842E380

Function 00007FF8BFB8C3C8 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 288COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C459
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C492
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C566
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C577
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C5DA
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C5EA
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C636
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C648
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C7BB
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C83B
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C84A

Strings

`anonymous namespace', xrefs: 00007FF8BFB8C71B

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: `anonymous namespace'
API String ID: 2943138195-3062148218
Opcode ID: c36001f134547c1fc12f70ffa9b86d35a9d04869d0c52a2f257cd9dd74f3dfc9
Instruction ID: dde3d7a2b8de9ab356e5bc7fb4413c5e16eedcbb21dd9f617ad8e7eb71174fef
Opcode Fuzzy Hash: c36001f134547c1fc12f70ffa9b86d35a9d04869d0c52a2f257cd9dd74f3dfc9
Instruction Fuzzy Hash: AFE170B2A08B8695EB10DFA8E8811ED7BA0FB957C8F548035EB4D17B96DF38D554C700

Function 00007FF8A7BF6650 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 111fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7BF6890: MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BF6903
Part of subcall function 00007FF8A7BF6890: MultiByteToWideChar.KERNEL32 ref: 00007FF8A7BF6945
Part of subcall function 00007FF8A7BF6890: GetFullPathNameW.KERNEL32 ref: 00007FF8A7BF696E
Part of subcall function 00007FF8A7BF6890: GetFullPathNameW.KERNEL32 ref: 00007FF8A7BF69A2
Part of subcall function 00007FF8A7BF6890: wcslen.MSVCRT ref: 00007FF8A7BF69C1
Part of subcall function 00007FF8A7BF6890: _wsopen.MSVCRT ref: 00007FF8A7BF69EB
Part of subcall function 00007FF8A7BF6890: _sopen.MSVCRT ref: 00007FF8A7BF6A15

_fstat64.MSVCRT ref: 00007FF8A7BF66AE
_close.MSVCRT ref: 00007FF8A7BF66D7
_get_osfhandle.MSVCRT ref: 00007FF8A7BF66F3
CreateFileMappingA.KERNEL32 ref: 00007FF8A7BF6718
MapViewOfFile.KERNEL32 ref: 00007FF8A7BF6741
CloseHandle.KERNEL32 ref: 00007FF8A7BF674D
_errno.MSVCRT ref: 00007FF8A7BF6768
_errno.MSVCRT ref: 00007FF8A7BF67B0
_close.MSVCRT ref: 00007FF8A7BF67F1

Strings

Cannot read file '%s': %s, xrefs: 00007FF8A7BF679A
Error occurred in MapViewOfFile(), xrefs: 00007FF8A7BF6831
Error occurred in fstat(): %s, xrefs: 00007FF8A7BF67DD
Error occurred in CreateFileMapping(), xrefs: 00007FF8A7BF6800

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ByteCharFileFullMultiNamePathWide_close_errno$CloseCreateHandleMappingView_fstat64_get_osfhandle_sopen_wsopenwcslen
String ID: Cannot read file '%s': %s$Error occurred in CreateFileMapping()$Error occurred in MapViewOfFile()$Error occurred in fstat(): %s
API String ID: 741575255-3109280323
Opcode ID: 7267cfeadb9c871bf9fb2dec6a57e72c4003b2fad726f8657ee3e356bb816377
Instruction ID: 6a5e8f4a62126848f1a8978f7a43266fafc0ecd4500570317bf1fd46c8396d0e
Opcode Fuzzy Hash: 7267cfeadb9c871bf9fb2dec6a57e72c4003b2fad726f8657ee3e356bb816377
Instruction Fuzzy Hash: B2418E71A0AB86A2E7559F11E4247AE62A4FF84BC8F404139EE8E07B94DF7DD406E740

Function 00007FF6129E1A40 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 87stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6129E1A6D

Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E204A
Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E2065
Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E2080
Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E209B
Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E20B6

avformat_network_init.AVFORMAT-60 ref: 00007FF6129E1A85
av_guess_format.AVFORMAT-60 ref: 00007FF6129E1AAF
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E1ABC
fprintf.MSPDB140-MSVCRT ref: 00007FF6129E1AD0
avformat_alloc_output_context2.AVFORMAT-60 ref: 00007FF6129E1AEC
av_strerror.AVUTIL-58 ref: 00007FF6129E1B19
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6129E1B23
fprintf.MSPDB140-MSVCRT ref: 00007FF6129E1B38

Part of subcall function 00007FF6129E2910: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF6129E1B4C), ref: 00007FF6129E2939

Part of subcall function 00007FF6129E2370: avcodec_free_context.AVCODEC-60 ref: 00007FF6129E2388
Part of subcall function 00007FF6129E2370: av_free.AVUTIL-58 ref: 00007FF6129E23B1
Part of subcall function 00007FF6129E2370: avio_context_free.AVFORMAT-60 ref: 00007FF6129E23BD
Part of subcall function 00007FF6129E2370: avformat_free_context.AVFORMAT-60 ref: 00007FF6129E23CC
Part of subcall function 00007FF6129E2370: avcodec_free_context.AVCODEC-60 ref: 00007FF6129E2402
Part of subcall function 00007FF6129E2370: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E2415

Strings

Couldn't find an appropriate muxer for '%s', xrefs: 00007FF6129E1AC6
http, xrefs: 00007FF6129E1A5C
mpegts, xrefs: 00007FF6129E1A92
video/M2PT, xrefs: 00007FF6129E1A9C
Couldn't initialize output context: %s, xrefs: 00007FF6129E1B31

Memory Dump Source

Source File: 0000000B.00000002.2221719961.00007FF6129E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6129E0000, based on PE: true

Associated: 0000000B.00000002.2221699491.00007FF6129E0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221759176.00007FF6129E6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221776644.00007FF6129E9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6129e0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp$__acrt_iob_funcavcodec_free_contextfprintf$av_freeav_guess_formatav_strerroravformat_alloc_output_context2avformat_free_contextavformat_network_initavio_context_freecallocfree
String ID: Couldn't find an appropriate muxer for '%s'$Couldn't initialize output context: %s$http$mpegts$video/M2PT
API String ID: 3777911973-2524251934
Opcode ID: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
Instruction ID: 3b96ead7165c15b7249629980c3e1327112e86e5a29793c0bbf3a6ef3beb85b6
Opcode Fuzzy Hash: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
Instruction Fuzzy Hash: 46319371E18E4242FA109B2FA4112FA2351BF89FBCF545A35E95D97297FEACE9408700

Function 00007FF8BFB5B4A0 Relevance: 24.2, APIs: 16, Instructions: 234COMMON

Download Yara Rule

APIs

av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B5AA
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB5B5B6
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B606
av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B615
av_channel_layout_compare.AVUTIL-58 ref: 00007FF8BFB5B621
av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B649

Part of subcall function 00007FF8BFB5B2B0: av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B314
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB5B34F
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B370
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B394
Part of subcall function 00007FF8BFB5B2B0: av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B3D2
Part of subcall function 00007FF8BFB5B2B0: av_channel_layout_from_mask.AVUTIL-58 ref: 00007FF8BFB5B3E1
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_chlayout.AVUTIL-58 ref: 00007FF8BFB5B3F6
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B413
Part of subcall function 00007FF8BFB5B2B0: av_opt_set_int.AVUTIL-58 ref: 00007FF8BFB5B433
Part of subcall function 00007FF8BFB5B2B0: av_channel_layout_uninit.AVUTIL-58 ref: 00007FF8BFB5B477

Part of subcall function 00007FF8BFB65F8E: av_log.AVUTIL-58 ref: 00007FF8BFB65FC9

av_frame_get_buffer.AVUTIL-58 ref: 00007FF8BFB5B706
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FF8BFB5B74B
av_sample_fmt_is_planar.AVUTIL-58 ref: 00007FF8BFB5B763

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_from_maskav_channel_layout_uninitav_opt_set_int$av_channel_layout_compareav_opt_set_chlayout$av_frame_get_bufferav_get_bytes_per_sampleav_logav_sample_fmt_is_planar
String ID:
API String ID: 1741793059-0
Opcode ID: 5f9c736c55c51c0448996e1834cac8009cd8094c6cea8c5c45183c0897257ebe
Instruction ID: 71b595b2e284fa34c75912097706aa9c33bd1ed9d1a68dcca8679db0e8838c6e
Opcode Fuzzy Hash: 5f9c736c55c51c0448996e1834cac8009cd8094c6cea8c5c45183c0897257ebe
Instruction Fuzzy Hash: DD916E22B0824686FA699EBDA46177AB7D5BF40BC4F448431DF0A9B696EF3DF4018700

Function 00007FF8BFB8A83C Relevance: 22.9, APIs: 15, Instructions: 358COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A88D
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A969
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A9B2
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A9C3

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
Instruction ID: c7c05f362f43044eb9b904760e8aada016086ddeab4c1e12e35c09589849d93a
Opcode Fuzzy Hash: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
Instruction Fuzzy Hash: F0F17E76B08682AAE710DFA8D4901FC77B5EB8478CB448136EB4D67A9ADF38D519C340

Function 00007FF8BFB8D20C Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 349COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8D712

Strings

`template-type-parameter-, xrefs: 00007FF8BFB8D6D0
`generic-class-parameter-, xrefs: 00007FF8BFB8D6C7
nullptr, xrefs: 00007FF8BFB8D3FA
NULL, xrefs: 00007FF8BFB8D2D7
`generic-method-parameter-, xrefs: 00007FF8BFB8D6B7

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
API String ID: 2943138195-2309034085
Opcode ID: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
Instruction ID: 0b22f75e484b1d7b71b28f3155ea2b8771ac3c3b6fcc9244c0b640348df37b54
Opcode Fuzzy Hash: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
Instruction Fuzzy Hash: 9FE14F62E0865294FB15ABECD9951FC27A1AF897C8F544137CF0D27A9BDE3CA904C360

Function 00007FF8A7C0EA60 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 176stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7C0EAAA
strchr.MSVCRT ref: 00007FF8A7C0EAE4
strlen.MSVCRT ref: 00007FF8A7C0EB01
strtoul.MSVCRT ref: 00007FF8A7C0EB65

Strings

Invalid alpha value specifier '%s' in '%s', xrefs: 00007FF8A7C0ECF0
Invalid 0xRRGGBB[AA] color string: '%s', xrefs: 00007FF8A7C0ED09
bikeshed, xrefs: 00007FF8A7C0EB20
Cannot find color '%s', xrefs: 00007FF8A7C0ED2A
0123456789ABCDEFabcdef, xrefs: 00007FF8A7C0EC1C
random, xrefs: 00007FF8A7C0EB0A

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchrstrtoul
String ID: 0123456789ABCDEFabcdef$Cannot find color '%s'$Invalid 0xRRGGBB[AA] color string: '%s'$Invalid alpha value specifier '%s' in '%s'$bikeshed$random
API String ID: 643661298-1323625105
Opcode ID: 05b314dcd31ff43a5f327d01538bb3f4bf05cbc92719439464dceff93f7a60bd
Instruction ID: 083cc66c2802c642d29bab12fa626af39a6ab22eaa9befc3b9f5b4047231567f
Opcode Fuzzy Hash: 05b314dcd31ff43a5f327d01538bb3f4bf05cbc92719439464dceff93f7a60bd
Instruction Fuzzy Hash: E8712A12A5F682A5FB61AF21B41177D5690EF817C0F448231EE8E477C1DF6DF542A380

Function 00007FF8A7C23CB0 Relevance: 21.1, APIs: 14, Instructions: 123COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7C23D1B
_aligned_free.MSVCRT ref: 00007FF8A7C23D23

Part of subcall function 00007FF8A7C23CB0: _aligned_free.MSVCRT ref: 00007FF8A7C23CF9

_aligned_free.MSVCRT ref: 00007FF8A7C23D4D
_aligned_free.MSVCRT ref: 00007FF8A7C23D6F
_aligned_free.MSVCRT ref: 00007FF8A7C23D77
_aligned_free.MSVCRT ref: 00007FF8A7C23D7F
_aligned_free.MSVCRT ref: 00007FF8A7C23DB7
_aligned_free.MSVCRT ref: 00007FF8A7C23DD9
_aligned_free.MSVCRT ref: 00007FF8A7C23DE1
_aligned_free.MSVCRT ref: 00007FF8A7C23E0B
_aligned_free.MSVCRT ref: 00007FF8A7C23E2D
_aligned_free.MSVCRT ref: 00007FF8A7C23E35
_aligned_free.MSVCRT ref: 00007FF8A7C23E3D

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 9507d53f166a1d0254cdadf622783abd4b684d210657e614246861b7e6ebef3c
Instruction ID: 4d46bd68ab77913e26dc236bc9e6d6741dc95cbabd142b08364e75dca3c94fe5
Opcode Fuzzy Hash: 9507d53f166a1d0254cdadf622783abd4b684d210657e614246861b7e6ebef3c
Instruction Fuzzy Hash: 1741D311B1A462A0EB4AFE12C45A57E2759FF85FD0B468935DE1D4B392CF3CE846A3C0

Function 00007FF8BFB82CE4 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 309COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF8BFB82D40

Part of subcall function 00007FF8BFB85010: _GetEstablisherFrame.LIBVCRUNTIME ref: 00007FF8BFB85045
Part of subcall function 00007FF8BFB85010: __GetUnwindTryBlock.LIBCMT ref: 00007FF8BFB85053
Part of subcall function 00007FF8BFB85010: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF8BFB85078

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF8BFB82E18
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82E25
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF8BFB83060
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8308E
_GetEstablisherFrame.LIBVCRUNTIME ref: 00007FF8BFB830CC

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB83154
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8BFB83189

Strings

csm, xrefs: 00007FF8BFB82E3D
csm, xrefs: 00007FF8BFB82DC1
csm, xrefs: 00007FF8BFB82D5A

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Frame$BlockEstablisherHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3436797354-393685449
Opcode ID: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
Instruction ID: 86a37aeaf06eb04e483cf3f8d3469abdb3fc568c131735268a09658bf7ad04cb
Opcode Fuzzy Hash: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
Instruction Fuzzy Hash: 2BD16036A087418AEB609FA9D4802AD7BA1FB85BD8F144135EF8D57B5ADF38E494C700

Function 00007FF8BFB57400 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 161COMMON

Download Yara Rule

APIs

av_calloc.AVUTIL-58 ref: 00007FF8BFB57470
memcpy.MSVCRT ref: 00007FF8BFB574F2
memcpy.MSVCRT ref: 00007FF8BFB5751E
av_freep.AVUTIL-58(?,?), ref: 00007FF8BFB575A9

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8BFB57622
src/libswresample/resample.c, xrefs: 00007FF8BFB5760B
!c->frac && !c->dst_incr_mod, xrefs: 00007FF8BFB57612

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$av_callocav_freep
String ID: !c->frac && !c->dst_incr_mod$Assertion %s failed at %s:%d$src/libswresample/resample.c
API String ID: 1182148616-608564573
Opcode ID: ae225f1ac773ac5f9c1fe2fea1a141108402761e9a2d6cdf13e09e92a9034940
Instruction ID: 9cd4781f33bf87c42924a952460eea35e35c2782d53753ebc21ca507654105f6
Opcode Fuzzy Hash: ae225f1ac773ac5f9c1fe2fea1a141108402761e9a2d6cdf13e09e92a9034940
Instruction Fuzzy Hash: BC6172B2A087068BD758CF7DD59157DB7A5EB44B98B204136EB0D87798DB3CE441CB80

Function 00007FF8A7BEAE10 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 151stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7BEAE26
memcmp.MSVCRT ref: 00007FF8A7BEAEA5

Strings

mono, xrefs: 00007FF8A7BEAE70

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcmpstrlen
String ID: mono
API String ID: 3108337309-2381334079
Opcode ID: 4442f9bb683f4af6272261eaf8af414874aa53633c76ffc30400c404e096c1e0
Instruction ID: 1cdbd9caa3b1d4b4491da20a2d7a985642ee08bcb28862614b34f96c67b0080d
Opcode Fuzzy Hash: 4442f9bb683f4af6272261eaf8af414874aa53633c76ffc30400c404e096c1e0
Instruction Fuzzy Hash: 7F51A0B2B0B542A6FF619F1594512BE6695EF05BC0F8D4432DE0E57780EE2CE446A340

Function 00007FF8BFB58F70 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON

Download Yara Rule

APIs

av_freep.AVUTIL-58 ref: 00007FF8BFB5909C
av_log.AVUTIL-58 ref: 00007FF8BFB59187
abort.MSVCRT ref: 00007FF8BFB5918C
av_log.AVUTIL-58 ref: 00007FF8BFB591B5
abort.MSVCRT ref: 00007FF8BFB591BA

Strings

a->bps, xrefs: 00007FF8BFB59198
a->ch_count, xrefs: 00007FF8BFB59168
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB59178, 00007FF8BFB591AE
src/libswresample/swresample.c, xrefs: 00007FF8BFB59161, 00007FF8BFB59191

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_log$av_freep
String ID: Assertion %s failed at %s:%d$a->bps$a->ch_count$src/libswresample/swresample.c
API String ID: 2329147549-2798989596
Opcode ID: 8a6bc04a2563c4ca64b9d2f166cec7721cca9d96160b8b29e1ad9d54915bbd6c
Instruction ID: 3912c6949bd3892ae2d3b167be24ca124e2f635c2228e23530c43ed2c7041db4
Opcode Fuzzy Hash: 8a6bc04a2563c4ca64b9d2f166cec7721cca9d96160b8b29e1ad9d54915bbd6c
Instruction Fuzzy Hash: 91510072B0968295EB308FADA898BF97360EF547C8F044235DF1D4AA95DF3CE505C600

Function 00007FF8A7BEF360 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 170stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7C078F0: strlen.MSVCRT ref: 00007FF8A7C078FF
Part of subcall function 00007FF8A7C078F0: _aligned_realloc.MSVCRT ref: 00007FF8A7C0791F
Part of subcall function 00007FF8A7C078F0: memcpy.MSVCRT ref: 00007FF8A7C07936

_aligned_free.MSVCRT ref: 00007FF8A7BEF410
_aligned_free.MSVCRT ref: 00007FF8A7BEF418
_aligned_free.MSVCRT ref: 00007FF8A7BEF49B
_aligned_free.MSVCRT ref: 00007FF8A7BEF4A5
_aligned_free.MSVCRT ref: 00007FF8A7BEF51E
_aligned_free.MSVCRT ref: 00007FF8A7BEF528
strlen.MSVCRT ref: 00007FF8A7BEF5C0
strlen.MSVCRT ref: 00007FF8A7BEF5CB
memcpy.MSVCRT ref: 00007FF8A7BEF5F9

Strings

%lld, xrefs: 00007FF8A7BEF386

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlen$memcpy$_aligned_realloc
String ID: %lld
API String ID: 3853940031-1962030014
Opcode ID: 8ef0d90d922d738ed908a9e8d1ebc5c3fb02acdd9b45e12231443154cef6d25c
Instruction ID: 042c7fbedddffe45dc9cb7dadcf4ca7fdf485b9293c49ac0c715493179679128
Opcode Fuzzy Hash: 8ef0d90d922d738ed908a9e8d1ebc5c3fb02acdd9b45e12231443154cef6d25c
Instruction Fuzzy Hash: 2261DD72A0BA42A5EBA59F15A51067E63A0FF88BD4F044534EE4D47785FF3CE542E380

Function 00007FF8A7C9AF60 Relevance: 16.7, APIs: 11, Instructions: 159sleepCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32 ref: 00007FF8A7C9AFE2
Sleep.KERNEL32 ref: 00007FF8A7C9AFF7

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CreateEventSleep
String ID:
API String ID: 3100162736-0
Opcode ID: e5aaf2775736aee3134771c4ec912a0918e928d2149e6c1679b1ab5e8eb6a53e
Instruction ID: 8f3094466886edd567e8fb830a5a410d3b4664345b93d1de282d13a5262e461e
Opcode Fuzzy Hash: e5aaf2775736aee3134771c4ec912a0918e928d2149e6c1679b1ab5e8eb6a53e
Instruction Fuzzy Hash: 10519072A0AA02E6E7919F25A948BAF32A5EB447E4F014735DE69473D1DF3CD885E300

Function 00007FF8BFB59B80 Relevance: 16.2, APIs: 2, Strings: 7, Instructions: 426COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB58F70: av_freep.AVUTIL-58 ref: 00007FF8BFB5909C

av_log.AVUTIL-58 ref: 00007FF8BFB5A2CE
abort.MSVCRT ref: 00007FF8BFB5A2D3

Strings

?, xrefs: 00007FF8BFB59ED2
s->midbuf.ch_count == s->out.ch_count, xrefs: 00007FF8BFB5A2E7
s->in.planar, xrefs: 00007FF8BFB5A321
s->midbuf.ch_count == s->used_ch_layout.nb_channels, xrefs: 00007FF8BFB5A2B7
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB5A2C3
src/libswresample/swresample.c, xrefs: 00007FF8BFB5A2A8, 00007FF8BFB5A2D8, 00007FF8BFB5A2F5, 00007FF8BFB5A312
s->dither.noise.ch_count == preout->ch_count, xrefs: 00007FF8BFB5A304

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_freepav_log
String ID: ?$Assertion %s failed at %s:%d$s->dither.noise.ch_count == preout->ch_count$s->in.planar$s->midbuf.ch_count == s->out.ch_count$s->midbuf.ch_count == s->used_ch_layout.nb_channels$src/libswresample/swresample.c
API String ID: 3736396223-3190629393
Opcode ID: d26e443fe19845a36fdde429c2a9a759add677dece32294348b5e2c239672df1
Instruction ID: 537e43ed3cddf1cb8e176ae39bd36429b02257f097ab387260e42451b7cd357a
Opcode Fuzzy Hash: d26e443fe19845a36fdde429c2a9a759add677dece32294348b5e2c239672df1
Instruction Fuzzy Hash: 1E02E072A0869686E7209FAA94607BAB7A5FB45BC8F580036DF4D5B788DF3CF444C710

Function 00007FF8BFB8E350 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 196COMMON

Download Yara Rule

Strings

template-parameter-, xrefs: 00007FF8BFB8E417
generic-type-, xrefs: 00007FF8BFB8E45E
`generic-type-, xrefs: 00007FF8BFB8E491
`template-parameter-, xrefs: 00007FF8BFB8E44A

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
API String ID: 0-3207858774
Opcode ID: 6f458657f8fae6e2f2557f40169539ea56a3e6fb73d2116d9b83691f1491e61c
Instruction ID: 3eda163644d6c9d6704849bba501ec1a87a5471fbedaa3212919024432804a1b
Opcode Fuzzy Hash: 6f458657f8fae6e2f2557f40169539ea56a3e6fb73d2116d9b83691f1491e61c
Instruction Fuzzy Hash: F1916B22A08A4699FB11DBE9D4502FC37A1AB95BC8F88813ADB4D037A6DF3CE505C740

Function 00007FF8A7C89990 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7C89AF8

Strings

-, xrefs: 00007FF8A7C89A98

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: -
API String ID: 2918714741-2547889144
Opcode ID: f978b8ec28ce8a6f9b5e47dd2052fece94246ae97b2b9cc28d4a0647f4bf6175
Instruction ID: fc51648e0898abfaaefe6ccd891b2da4f61009866848bed0f02877a0ab5bdb81
Opcode Fuzzy Hash: f978b8ec28ce8a6f9b5e47dd2052fece94246ae97b2b9cc28d4a0647f4bf6175
Instruction Fuzzy Hash: 2D51F622F0F667A5FB758E2554103BD6681EF017EAF5A4630DD6E0A3C1ED3CE841A300

Function 00007FF8A7C89BF0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7C89D38

Strings

-, xrefs: 00007FF8A7C89CFA
ambisonic , xrefs: 00007FF8A7C89BF9

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: -$ambisonic
API String ID: 2918714741-2876420257
Opcode ID: c1d0ba877cb9a5e33fb598b34b3d9939bb9d6dbd7a5e029ec6c2859871519c45
Instruction ID: dd85364cf3fc52811cd6bbfbc0a8d67c251a1b77e95be704280c410b5487182d
Opcode Fuzzy Hash: c1d0ba877cb9a5e33fb598b34b3d9939bb9d6dbd7a5e029ec6c2859871519c45
Instruction Fuzzy Hash: E4414662F0F55365FBA14E2198583BE26C2EF027E6F454932DD2E4A2C1ED3DF841A704

Function 00007FF8BFB8A13C Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A198

Part of subcall function 00007FF8BFB8722C: DName::operator+=.LIBVCRUNTIME ref: 00007FF8BFB87247

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A2C5

Strings

cointerface , xrefs: 00007FF8BFB8A26C
class , xrefs: 00007FF8BFB8A2DA
enum , xrefs: 00007FF8BFB8A287
`unknown ecsu', xrefs: 00007FF8BFB8A164
struct , xrefs: 00007FF8BFB8A2E9
coclass , xrefs: 00007FF8BFB8A27E
union , xrefs: 00007FF8BFB8A2F2

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$Name::operator+=
String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
API String ID: 179159573-1464470183
Opcode ID: 2fc61dd6c602e97fa3c1e55ca06bd20aebc659b0b394667bc2b1a0081ee2f141
Instruction ID: 57412be7b3d0433f7e5144368553e0a347e99db1b0a9cdd8ac94c1dc0354bfd9
Opcode Fuzzy Hash: 2fc61dd6c602e97fa3c1e55ca06bd20aebc659b0b394667bc2b1a0081ee2f141
Instruction Fuzzy Hash: AF516B71F18A16A9FB24DBA8E8805FC77B5BB543C4F504239EF0D12A5ADF29E541C700

Function 00007FF8A7C0D3D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 110stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7BE5FB0: strlen.MSVCRT ref: 00007FF8A7BE5FC9

strspn.MSVCRT ref: 00007FF8A7C0D44B
_aligned_free.MSVCRT ref: 00007FF8A7C0D4BB
_aligned_free.MSVCRT ref: 00007FF8A7C0D4C3
_aligned_free.MSVCRT ref: 00007FF8A7C0D544
_aligned_free.MSVCRT ref: 00007FF8A7C0D54C
_aligned_free.MSVCRT ref: 00007FF8A7C0D57A

Strings

Setting entry with key '%s' to value '%s', xrefs: 00007FF8A7C0D40E
Key '%s' not found., xrefs: 00007FF8A7C0D525
Missing key or no key/value separator found after key '%s', xrefs: 00007FF8A7C0D55B

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlenstrspn
String ID: Key '%s' not found.$Missing key or no key/value separator found after key '%s'$Setting entry with key '%s' to value '%s'
API String ID: 1832283230-2858522012
Opcode ID: 6858625f83de9048fadb2900624906809c4cd63edab14c6c68f5989beb2d347c
Instruction ID: b56ac24a10f523039c12cb7b57e5923ee7b77077c0c033609503185736a23fd9
Opcode Fuzzy Hash: 6858625f83de9048fadb2900624906809c4cd63edab14c6c68f5989beb2d347c
Instruction Fuzzy Hash: 5941C351A0E682B0FB659E56A8007BE5B90FF85BC4F548431ED4E177D6CE3CE486E380

Function 00007FF8A7C09900 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 317stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C099A4

Strings

%c%c%c%c%c%c%c%c%c%c%c, xrefs: 00007FF8A7C09B55
(default , xrefs: 00007FF8A7C09D46
I, xrefs: 00007FF8A7C09D30
%-12s , xrefs: 00007FF8A7C09A5D
to , xrefs: 00007FF8A7C09C59
(from , xrefs: 00007FF8A7C09C1B
%s%-17s , xrefs: 00007FF8A7C09A3D
%-15s , xrefs: 00007FF8A7C099B0
%s, xrefs: 00007FF8A7C09B9A

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $ %s%-17s $ %s$ (default $ (from $ I$ to $%-12s $%c%c%c%c%c%c%c%c%c%c%c
API String ID: 1004003707-1704579004
Opcode ID: 2ea16860b3427611d439ee252ee5f1f96aacb857c5cfc9ddd7f0c0fe524bede6
Instruction ID: 65af2fbece17ce0514670e2f91f29a4b113a6c2b68abd7b2f0a0dade0f3fd6ce
Opcode Fuzzy Hash: 2ea16860b3427611d439ee252ee5f1f96aacb857c5cfc9ddd7f0c0fe524bede6
Instruction Fuzzy Hash: CCC1D472B0AA42A6EB248F25E4407BE2761FB807D5F548135EA4E47B95DF3CE842D780

Function 00007FF8A7BEF640 Relevance: 15.2, APIs: 10, Instructions: 244stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7BE5FB0: strlen.MSVCRT ref: 00007FF8A7BE5FC9

strspn.MSVCRT ref: 00007FF8A7BEF71E
_aligned_free.MSVCRT ref: 00007FF8A7BEF7E5
_aligned_free.MSVCRT ref: 00007FF8A7BEF7ED

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strlenstrspn
String ID:
API String ID: 1832283230-0
Opcode ID: 26bc88a9fd69d679ea30a0b0f13b4c0f719b999fe5c0e19c8c29863e318b563f
Instruction ID: f7e1f3401b3ff36b8adf21baa42cc421f852e157225a3139d5a119db98260d06
Opcode Fuzzy Hash: 26bc88a9fd69d679ea30a0b0f13b4c0f719b999fe5c0e19c8c29863e318b563f
Instruction Fuzzy Hash: 8AA17F72A0AA82A5EF55DF15E45437EA7A0EF84BC0F044135EA8D47795EF3CE842E780

Function 00007FF8BFB888E4 Relevance: 15.2, APIs: 10, Instructions: 150COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB889AE
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB889BE
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88A0A
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88A1A
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88A2A
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88A9D
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88AAE
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88AC0
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88AEC
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB88AFB

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 28d39e64d2900046752fe00e0d170ae61e4b908a297697eb59c3c366de5be272
Instruction ID: ca57e452659b303addd90072ce14749a0d8f0947a53c3af6a316747859f549fc
Opcode Fuzzy Hash: 28d39e64d2900046752fe00e0d170ae61e4b908a297697eb59c3c366de5be272
Instruction Fuzzy Hash: 67614962B14B6699FB00DBE8D8801EC37B2BB84788F505436EF4D6BA9ADF78D545C340

Function 00007FF8A7BF09B0 Relevance: 15.1, APIs: 10, Instructions: 135COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7BF0AA6
_aligned_free.MSVCRT ref: 00007FF8A7BF0ADD
_aligned_free.MSVCRT ref: 00007FF8A7BF0AFA
_aligned_free.MSVCRT ref: 00007FF8A7BF0B03
_aligned_free.MSVCRT ref: 00007FF8A7BF0B0C
_aligned_free.MSVCRT ref: 00007FF8A7BF0B14
_aligned_free.MSVCRT ref: 00007FF8A7BF0B1D
_aligned_free.MSVCRT ref: 00007FF8A7BF0B27
_aligned_free.MSVCRT ref: 00007FF8A7BF0B31
_aligned_free.MSVCRT ref: 00007FF8A7BF0B3C

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 5319d01e5d1025e7fc0068ae3d94082f79af11993daff4612deb7ef89ba06dda
Instruction ID: 98ee6debe6a87f508c6dccd11b032b404d8e828a664f120cdaea33b537a0cbc4
Opcode Fuzzy Hash: 5319d01e5d1025e7fc0068ae3d94082f79af11993daff4612deb7ef89ba06dda
Instruction Fuzzy Hash: 17416F76A0B616A1EB56AF15844977E2399EF84BC4F060439DE4D07392DEBCEC42E380

Function 00007FF8A7C99840 Relevance: 15.1, APIs: 10, Instructions: 100COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF8A7C9985D

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: de550876fdf94b650e17a9c6284cbc8fe7517bb1ab88a7b2ec8df1b363e153e6
Instruction ID: ccedb131b328c8fb27722a4e943c1cf8a0919f718d947bdc38fd277a7241f734
Opcode Fuzzy Hash: de550876fdf94b650e17a9c6284cbc8fe7517bb1ab88a7b2ec8df1b363e153e6
Instruction Fuzzy Hash: 5E316B72A0AB02A6EB919F25E80436D76A4FB44BD9F445239DE5C063E8EF3CE444D704

Function 00007FF8BFB55C20 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 341COMMON

Download Yara Rule

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8BFB561EB
s-> in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || in ->ch_count == s->in_ch_layout.nb_channels, xrefs: 00007FF8BFB5620F
s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || out->ch_count == s->out_ch_layout.nb_channels, xrefs: 00007FF8BFB561DF
src/libswresample/rematrix.c, xrefs: 00007FF8BFB561D0, 00007FF8BFB56200

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$s-> in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || in ->ch_count == s->in_ch_layout.nb_channels$s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || out->ch_count == s->out_ch_layout.nb_channels$src/libswresample/rematrix.c
API String ID: 0-729179064
Opcode ID: 497491d05170ef8247b869581e7d03bb9a59682df4ab4db83a46a576b33f8865
Instruction ID: c6424993d13fb7ba8091519f3204d5ac6c8a1cad813ceaab799424074bf417b1
Opcode Fuzzy Hash: 497491d05170ef8247b869581e7d03bb9a59682df4ab4db83a46a576b33f8865
Instruction Fuzzy Hash: 7CE1DC73A08A8286DB208F99D054ABE7765FB447C9F465236DB4D17B98DF3CE146CB00

Function 00007FF8BFB831A0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 314COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF8BFB8333E
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8334B

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB835F9
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB83644
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8BFB83679

Strings

csm, xrefs: 00007FF8BFB832E7
csm, xrefs: 00007FF8BFB83285
csm, xrefs: 00007FF8BFB83367

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 211107550-393685449
Opcode ID: 1f2c6e9c8ad6c1917ecaa8d6efe9c468c91fc9baef10e6d9588306a72b9f3ebc
Instruction ID: 1542959659a5663cec8aa175234af273442f924243d733fe0a82547a0b794548
Opcode Fuzzy Hash: 1f2c6e9c8ad6c1917ecaa8d6efe9c468c91fc9baef10e6d9588306a72b9f3ebc
Instruction Fuzzy Hash: 8BE19F73A086828AE7109FACD4902AD7BA1FB84BC8F184136DF9D57796DF38E495C740

Function 00007FF8A7C01E20 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 248COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7C02154

Strings

((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FF8A7C021A6
av_image_get_linesize failed, xrefs: 00007FF8A7C020D0
src/libavutil/imgutils.c, xrefs: 00007FF8A7C02167, 00007FF8A7C02197
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FF8A7C02176
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C02182

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
API String ID: 3510742995-882259572
Opcode ID: 0f20995bfb48e77148fec557d5fbaa226202661854b0129ced2db76bb94dc692
Instruction ID: f5e54b2326ddbb4e1b9d72e827fa849edca1078fa5ee9e4204e61a5df33cd898
Opcode Fuzzy Hash: 0f20995bfb48e77148fec557d5fbaa226202661854b0129ced2db76bb94dc692
Instruction Fuzzy Hash: A1A1CE72A1AB959AEB14CF15A94016EB7A1FB88BD0F188035EF4D07B94DF3CE442E740

Function 00007FF8A7C01A70 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 243COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7C01B99
memcpy.MSVCRT ref: 00007FF8A7C01D31
abort.MSVCRT ref: 00007FF8A7C01DF2

Strings

((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FF8A7C01DD6
av_image_get_linesize failed, xrefs: 00007FF8A7C01D93
src/libavutil/imgutils.c, xrefs: 00007FF8A7C01DC7, 00007FF8A7C01DF7
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FF8A7C01E06
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C01DE2

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy$abort
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
API String ID: 3629556515-882259572
Opcode ID: 720129b710e5ed98a497ce0c61193de95d3f52df19d8a310f2021f8bda355e19
Instruction ID: eb8a4e6d204579f16ab31e0a1af39f50ac573117fc603370cb657e829d239001
Opcode Fuzzy Hash: 720129b710e5ed98a497ce0c61193de95d3f52df19d8a310f2021f8bda355e19
Instruction Fuzzy Hash: D3A19F36A0AB859BDB658F15E44026EB7A0FB88BD0F148035EF8D43BA4DF3CE5429740

Function 00007FF8A7C0D5B0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 145COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7C0C1D0: strspn.MSVCRT ref: 00007FF8A7C0C1FC
Part of subcall function 00007FF8A7C0C1D0: strspn.MSVCRT ref: 00007FF8A7C0C245
Part of subcall function 00007FF8A7C0C1D0: strchr.MSVCRT ref: 00007FF8A7C0C25D
Part of subcall function 00007FF8A7C0C1D0: memcpy.MSVCRT ref: 00007FF8A7C0C28C

_aligned_free.MSVCRT ref: 00007FF8A7C0D678
_aligned_free.MSVCRT ref: 00007FF8A7C0D682
_aligned_free.MSVCRT ref: 00007FF8A7C0D72C
_aligned_free.MSVCRT ref: 00007FF8A7C0D736

Strings

Option '%s' not found, xrefs: 00007FF8A7C0D832
Unable to parse '%s': %s, xrefs: 00007FF8A7C0D7E3
Setting '%s' to value '%s', xrefs: 00007FF8A7C0D620
No option name near '%s', xrefs: 00007FF8A7C0D7FC

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$strspn$memcpystrchr
String ID: No option name near '%s'$Option '%s' not found$Setting '%s' to value '%s'$Unable to parse '%s': %s
API String ID: 2931229598-2003673103
Opcode ID: 5496a8e94afb4b653dcbea0521884cd186c85a6990d9a2e756bf1473de833a0d
Instruction ID: babe9a2c21dd3b8819a1ce7d82ba07b5cef48c41df17490394e365fe48a13839
Opcode Fuzzy Hash: 5496a8e94afb4b653dcbea0521884cd186c85a6990d9a2e756bf1473de833a0d
Instruction Fuzzy Hash: 2A519E36A0AB86A1EB618F15F8547AEA7A0FB847C4F404035EE8D07B99DF7CD045E780

Function 00007FF8A7C644C0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 142COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C645DA

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7C645C6
src/libavutil/utils.c, xrefs: 00007FF8A7C645AF
. -_, xrefs: 00007FF8A7C6468B
[%d], xrefs: 00007FF8A7C64603
D, xrefs: 00007FF8A7C645CD
!"valid element size", xrefs: 00007FF8A7C645B6

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: !"valid element size"$. -_$Assertion %s failed at %s:%d$D$[%d]$src/libavutil/utils.c
API String ID: 4206212132-1952739643
Opcode ID: 8dda062a40ab2f67f05643896e4bd6b922d436051c7bb03a64cbc94b01d14da1
Instruction ID: a4b2b301f478ac5519a726155a1e8f774a7949f830b4c87253f1640b6c803b7d
Opcode Fuzzy Hash: 8dda062a40ab2f67f05643896e4bd6b922d436051c7bb03a64cbc94b01d14da1
Instruction Fuzzy Hash: 545104B2E0AA5AA5EB208F11A54497D3B90FB55FC4F859035CE0E53784FE3CA795D300

Function 00007FF8BFB8BE24 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8BFD8

Part of subcall function 00007FF8BFB88C24: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8913D
Part of subcall function 00007FF8BFB88C24: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89175

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8BF8A

Strings

std::nullptr_t , xrefs: 00007FF8BFB8BF16
void , xrefs: 00007FF8BFB8BE96
cli::pin_ptr<, xrefs: 00007FF8BFB8BFA1
cli::array<, xrefs: 00007FF8BFB8BF57
void, xrefs: 00007FF8BFB8BE6E
std::nullptr_t, xrefs: 00007FF8BFB8BF03

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
API String ID: 2943138195-2239912363
Opcode ID: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
Instruction ID: 62a6018308b4d67c254759c5f328e5506aae8002e6641cd06cbd69267843e90e
Opcode Fuzzy Hash: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
Instruction Fuzzy Hash: B8515D62E18B5699FB11CBB8D8852BC77B0BB98788F44853ADF4D12B96DF3CA444C710

Function 00007FF8BFB58AB0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8BFB58B22
av_log.AVUTIL-58 ref: 00007FF8BFB58B83
abort.MSVCRT ref: 00007FF8BFB58B88

Strings

out->planar == in->planar, xrefs: 00007FF8BFB58BB9
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB58B78
src/libswresample/swresample.c, xrefs: 00007FF8BFB58B5D, 00007FF8BFB58B8D, 00007FF8BFB58BAA
out->ch_count == in->ch_count, xrefs: 00007FF8BFB58B6C
out->bps == in->bps, xrefs: 00007FF8BFB58B9C

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_logmemcpy
String ID: Assertion %s failed at %s:%d$out->bps == in->bps$out->ch_count == in->ch_count$out->planar == in->planar$src/libswresample/swresample.c
API String ID: 2496068414-3511948170
Opcode ID: b7f206457b9caba27af6789feee01ca3d186e054d088e26f0222d9f3267d756f
Instruction ID: 233e83b5c76a9cf5253617047d87c2b3d226544cfe92710e651a96db8483879c
Opcode Fuzzy Hash: b7f206457b9caba27af6789feee01ca3d186e054d088e26f0222d9f3267d756f
Instruction Fuzzy Hash: A021EFB6A09A46A6E720CF99E9550B9B3A8FB443D4F944232CF4C033A1DF3DF555CA00

Function 00007FF8BFBA63B0 Relevance: 13.7, APIs: 9, Instructions: 230COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF8BFBA63D8
__scrt_initialize_crt.LIBCMT ref: 00007FF8BFBA641D
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF8BFBA642A
_RTC_Initialize.LIBCMT ref: 00007FF8BFBA6458
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FF8BFBA647E
__scrt_release_startup_lock.LIBCMT ref: 00007FF8BFBA64A9

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
String ID:
API String ID: 349153199-0
Opcode ID: 05d8b91213d8a4974e84562f7c7d5bb031e6d637f96e7ddce6b44401f1817edf
Instruction ID: 548069d657487b409e04fc9a90c20cad2dcaa244d492bf33d765814fea35c534
Opcode Fuzzy Hash: 05d8b91213d8a4974e84562f7c7d5bb031e6d637f96e7ddce6b44401f1817edf
Instruction Fuzzy Hash: 1F81B4A1E0C70786FA64ABED98412B963D2AF957C0F14A03DDB1D47796EF3CE8458700

Function 00007FF8A7BEFAD0 Relevance: 13.7, APIs: 9, Instructions: 221COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7BEFBE6
_aligned_free.MSVCRT ref: 00007FF8A7BEFBF0
_aligned_free.MSVCRT ref: 00007FF8A7BEFC3D
_aligned_free.MSVCRT ref: 00007FF8A7BEFC45

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: bb8437b69a084f07a8ed3204e31c2741436194e29f9f638b4584538b28a8ba08
Instruction ID: c492dd69ca7ab4b727b475fc3be227156891f6baeb8ef5e0b11cb5c156898c00
Opcode Fuzzy Hash: bb8437b69a084f07a8ed3204e31c2741436194e29f9f638b4584538b28a8ba08
Instruction Fuzzy Hash: 9C81D3B2A0A742A5EB949F16E45027EA7A0FF84BC0F144435EE8D47785EF3CE492E740

Function 00007FF8A7BEF080 Relevance: 13.7, APIs: 9, Instructions: 181COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7BEF10E
_aligned_free.MSVCRT ref: 00007FF8A7BEF118
_aligned_free.MSVCRT ref: 00007FF8A7BEF157
_aligned_free.MSVCRT ref: 00007FF8A7BEF15F

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: 01f721f6df29f9dd6bf7ef2f97b91fefc10836ccc23b581315bb421e2c98f023
Instruction ID: 48e65db637df153fa04a77c4c673f13ad4c6c256ef2dbf08a7e020cfecc68212
Opcode Fuzzy Hash: 01f721f6df29f9dd6bf7ef2f97b91fefc10836ccc23b581315bb421e2c98f023
Instruction Fuzzy Hash: 29618E76A0BA5665EFA59E15E41167E6390FF88BD8F044134EE8E477C2EF2CE442A340

Function 00007FF8A7C09D80 Relevance: 13.6, APIs: 2, Strings: 7, Instructions: 146stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C099A4
strcmp.MSVCRT ref: 00007FF8A7C09DD7

Strings

I64_MAX, xrefs: 00007FF8A7C0A31A
I64_MIN, xrefs: 00007FF8A7C0A2CF
%lld, xrefs: 00007FF8A7C0A29D
INT_MIN, xrefs: 00007FF8A7C0A301
UINT32_MAX, xrefs: 00007FF8A7C0A2E8
INT_MAX, xrefs: 00007FF8A7C0A2B6
%-15s , xrefs: 00007FF8A7C099B0

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $%lld$I64_MAX$I64_MIN$INT_MAX$INT_MIN$UINT32_MAX
API String ID: 1004003707-1419900426
Opcode ID: 60724dc2eec3de23298e2ae44bcb11fdf03ae2348c3838bc2f08ec1f1516dc3e
Instruction ID: a09f20a9b882a3d1fdbfe19f0963899c34ac649933b5d89c46f2dec01bfff29a
Opcode Fuzzy Hash: 60724dc2eec3de23298e2ae44bcb11fdf03ae2348c3838bc2f08ec1f1516dc3e
Instruction Fuzzy Hash: 8E516A31A0A642B6EB609E21A1047BE2360EF81BD0F945232DA5D577D5CF7DE992E3C0

Function 00007FF6129E2160 Relevance: 13.6, APIs: 9, Instructions: 98COMMON

Download Yara Rule

APIs

pthread_mutex_lock.W32-PTHREADS ref: 00007FF6129E21BB
os_event_reset.OBS ref: 00007FF6129E21E7
pthread_mutex_unlock.W32-PTHREADS ref: 00007FF6129E21F3
os_event_wait.OBS ref: 00007FF6129E21FF
pthread_mutex_lock.W32-PTHREADS ref: 00007FF6129E220B
memcpy.VCRUNTIME140 ref: 00007FF6129E227B
memcpy.VCRUNTIME140 ref: 00007FF6129E228E
os_event_signal.OBS ref: 00007FF6129E22D1
pthread_mutex_unlock.W32-PTHREADS ref: 00007FF6129E22DD

Memory Dump Source

Source File: 0000000B.00000002.2221719961.00007FF6129E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6129E0000, based on PE: true

Associated: 0000000B.00000002.2221699491.00007FF6129E0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221759176.00007FF6129E6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221776644.00007FF6129E9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6129e0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpypthread_mutex_lockpthread_mutex_unlock$os_event_resetos_event_signalos_event_wait
String ID:
API String ID: 2918620995-0
Opcode ID: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
Instruction ID: 745320b6d645208e1b5ca2bf481acef570e1f345cfc374953dd5208332ce1a3a
Opcode Fuzzy Hash: 2ecd02ec26d4cc9ba7addf2ffba6d2c38598a6939d4a4f97ceb40f02c73610ba
Instruction Fuzzy Hash: DB414D72A18E8285D610DF27E4503B96760FB89FA8F440532EF8D8BB5BDFB8D1908700

Function 00007FF8A7C97C30 Relevance: 13.6, APIs: 9, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7C97B90: EnterCriticalSection.KERNEL32(?,?,?,?,00007FF8A7C97EA7,?,?,?,?,?,?,?,?,00007FF8A7C21502), ref: 00007FF8A7C97BB6
Part of subcall function 00007FF8A7C97B90: LeaveCriticalSection.KERNEL32(?,?,00007FF8A7C97EA7,?,?,?,?,?,?,?,?,00007FF8A7C21502), ref: 00007FF8A7C97BDB

TryEnterCriticalSection.KERNEL32 ref: 00007FF8A7C97CB0
CloseHandle.KERNEL32(?,?,?,?,?,?,00007FF8A7C21817), ref: 00007FF8A7C97CF8
CloseHandle.KERNEL32(?,?,?,?,?,?,00007FF8A7C21817), ref: 00007FF8A7C97D02
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7C97D07
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7C21817), ref: 00007FF8A7C97D17
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7C21817), ref: 00007FF8A7C97D1C
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FF8A7C21817), ref: 00007FF8A7C97D23
free.MSVCRT ref: 00007FF8A7C97D28

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$Delete$CloseEnterHandleLeave$free
String ID:
API String ID: 3899327206-0
Opcode ID: 2505bcbe3cd4d1a469b291fb81c03ba1909a3890b205137eb9b30536ece67948
Instruction ID: 9362c39a0c86d8db2efa29ed123cf64b8544ea77cabc02d4a96df6c0b49b85bc
Opcode Fuzzy Hash: 2505bcbe3cd4d1a469b291fb81c03ba1909a3890b205137eb9b30536ece67948
Instruction Fuzzy Hash: FF315A22A0AD22E1EB919F6298047BE2794FF45BE8F844631DD2E937D1DE3CD542E304

Function 00007FF6129E35E4 Relevance: 13.6, APIs: 9, Instructions: 94COMMON

Download Yara Rule

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF6129E35F8
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6129E360D
__scrt_release_startup_lock.LIBCMT ref: 00007FF6129E367B
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6129E36C9
_get_initial_wide_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6129E36CE
__p___wargv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6129E36D6
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6129E36DE
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6129E3700
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF6129E375A

Memory Dump Source

Source File: 0000000B.00000002.2221719961.00007FF6129E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6129E0000, based on PE: true

Associated: 0000000B.00000002.2221699491.00007FF6129E0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221759176.00007FF6129E6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221776644.00007FF6129E9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6129e0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: __p___argc__p___wargv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_initial_wide_environment_register_thread_local_exe_atexit_callback
String ID:
API String ID: 1184979102-0
Opcode ID: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
Instruction ID: 428cbe60c42d594ab6623418e15be520b1b9d95c4a4b3f24f479974c93615611
Opcode Fuzzy Hash: d1267e791b308d50114738cb6d3fcce0682459912f5f90b2ba963487117e6561
Instruction Fuzzy Hash: 46313D71A0CE0281EB14AB2FD4563B92391BF55FACF445834EA0DD72E3EEEDE4448614

Function 00007FF8A7C887A0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF8A7C888B9

Strings

VirtualProtect failed with code 0x%x, xrefs: 00007FF8A7C889B2
Address %p has no image-section, xrefs: 00007FF8A7C88810, 00007FF8A7C88A20
Mingw-w64 runtime failure:, xrefs: 00007FF8A7C887D8
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF8A7C88A0C

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: a8cae70abf7ffee8518c3ea9921427e896fff9301f328d805a1cc0052b195cee
Instruction ID: 17502089697ad536eb635e2134183f3c44535591dfdc93a50a9ddb0f2ccd2a15
Opcode Fuzzy Hash: a8cae70abf7ffee8518c3ea9921427e896fff9301f328d805a1cc0052b195cee
Instruction Fuzzy Hash: 5361AE72B1AB42A6EB109F11E88426D77A1FB45BD0F544239EBAD477D5EE3CE580D300

Function 00007FF8BFB62290 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF8BFB623A9

Strings

Mingw-w64 runtime failure:, xrefs: 00007FF8BFB622C8
VirtualProtect failed with code 0x%x, xrefs: 00007FF8BFB624A2
Address %p has no image-section, xrefs: 00007FF8BFB62300, 00007FF8BFB62510
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF8BFB624FC

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 177a0442ffddc2d8412e742cb8e5249e265e09483f4b31c5fb5574984be0ec8a
Instruction ID: a1640eb021950a2c3daf9855610039eb626ab88aaacc8b2e76b881868e8e1293
Opcode Fuzzy Hash: 177a0442ffddc2d8412e742cb8e5249e265e09483f4b31c5fb5574984be0ec8a
Instruction Fuzzy Hash: 4E61CF32B09B42A6FB108F99E845669B7A0FB49BD4F448235EB5C47B90EE3CE484C700

Function 00007FF8BFB85F0A Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB863F0: RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB86434
Part of subcall function 00007FF8BFB863F0: RaiseException.KERNEL32 ref: 00007FF8BFB8647A

RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB85FA7
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00007FF8BFB86003

Strings

Attempted a typeid of nullptr pointer!, xrefs: 00007FF8BFB860E5
Bad read pointer - no RTTI data!, xrefs: 00007FF8BFB86108
Bad dynamic_cast!, xrefs: 00007FF8BFB86072
Access violation - no RTTI data!, xrefs: 00007FF8BFB85F0A, 00007FF8BFB8612B

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
API String ID: 1852475696-928371585
Opcode ID: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
Instruction ID: d32f4f0aa600e8032ac7510b2150dcea80d767f76e03e96dbea36ed410b9ac5e
Opcode Fuzzy Hash: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
Instruction Fuzzy Hash: 7351C362B19A4692EE20DF9CE8906B96361FF84BD4F409435DB8D07766EF3CE505C700

Function 00007FF8BFB53F10 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 144COMMON

Download Yara Rule

APIs

av_free.AVUTIL-58 ref: 00007FF8BFB54056
av_log.AVUTIL-58 ref: 00007FF8BFB54139
abort.MSVCRT ref: 00007FF8BFB5413E

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8BFB5412E
src/libswresample/dither.c, xrefs: 00007FF8BFB54113, 00007FF8BFB5414B
*, xrefs: 00007FF8BFB5416A
s->dither.method < SWR_DITHER_NB, xrefs: 00007FF8BFB54152

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_freeav_log
String ID: *$Assertion %s failed at %s:%d$s->dither.method < SWR_DITHER_NB$src/libswresample/dither.c
API String ID: 3300847756-1990850000
Opcode ID: ab30c3e9237167edfc00d8e6b718087be1c521b79e3897be0253280de5e0c4da
Instruction ID: 36cf6cff04ec9bf50c79797a130f9399cb93bcbec1659f6146f630b5705b0cec
Opcode Fuzzy Hash: ab30c3e9237167edfc00d8e6b718087be1c521b79e3897be0253280de5e0c4da
Instruction Fuzzy Hash: 46511872D18F4295EA26CBBC946217AF355EF563C4F548332D70E26694EF3DB08AC600

Function 00007FF8BFB8E148 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E1BC
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E1CB
DName::operator+=.LIBVCRUNTIME ref: 00007FF8BFB8E2E8

Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C459
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C492
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E26B
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E27B
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8E325

Strings

{for , xrefs: 00007FF8BFB8E1F4

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$Name::operator+=
String ID: {for
API String ID: 179159573-864106941
Opcode ID: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
Instruction ID: d9aab5f11e3996da5c57b66349044b41bf7e1bd3e1c2c48d2c0c8ced17c69c6c
Opcode Fuzzy Hash: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
Instruction Fuzzy Hash: 3A515B72A08A85A9E7119FA8D4813EC77A1FB857C8F808035EB4C4BB9ADF7CD555C340

Function 00007FF8A7BFD650 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 101COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF8A7BFD6EA
free.MSVCRT ref: 00007FF8A7BFD6F3

Strings

Calling %s, xrefs: 00007FF8A7BFD695, 00007FF8A7BFD728
cu->cuDevicePrimaryCtxRelease(hwctx->internal->cuda_device), xrefs: 00007FF8A7BFD721, 00007FF8A7BFD76A
cu->cuCtxDestroy(hwctx->cuda_ctx), xrefs: 00007FF8A7BFD68E, 00007FF8A7BFD7DF
-> %s: %s, xrefs: 00007FF8A7BFD79E
%s failed, xrefs: 00007FF8A7BFD771

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FreeLibraryfree
String ID: -> %s: %s$%s failed$Calling %s$cu->cuCtxDestroy(hwctx->cuda_ctx)$cu->cuDevicePrimaryCtxRelease(hwctx->internal->cuda_device)
API String ID: 155010425-3275200884
Opcode ID: 5bf74a7dc137a0c155993daea2b6d87e70908d77a28ad94112a4fe68d911b2e3
Instruction ID: 385a3de534df0f6a57794e3e8028e7d9799a20f514af6628d49ed95eab0f4ade
Opcode Fuzzy Hash: 5bf74a7dc137a0c155993daea2b6d87e70908d77a28ad94112a4fe68d911b2e3
Instruction Fuzzy Hash: 19415965A0BA86A2EB589F21E410BBE6361FB44BC4F844032DE9E17394CF7CE456E340

Function 00007FF8BFB56770 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB58F70: av_freep.AVUTIL-58 ref: 00007FF8BFB5909C

memcpy.MSVCRT ref: 00007FF8BFB56814
av_log.AVUTIL-58 ref: 00007FF8BFB56865
abort.MSVCRT ref: 00007FF8BFB5686A
av_freep.AVUTIL-58 ref: 00007FF8BFB56885

Strings

a->planar, xrefs: 00007FF8BFB56846
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB56856
src/libswresample/resample.c, xrefs: 00007FF8BFB5683F

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_freep$abortav_logmemcpy
String ID: Assertion %s failed at %s:%d$a->planar$src/libswresample/resample.c
API String ID: 932020481-1037444191
Opcode ID: 2fed7eb9d3f7d8d6d6ab3b2d75b72cd75ee98cc0c08d437b01389e601e0e5f9a
Instruction ID: 9a25b592f03a3b0d0954eaaddd7971b069af8aa54a42fb5e618c366409c241b3
Opcode Fuzzy Hash: 2fed7eb9d3f7d8d6d6ab3b2d75b72cd75ee98cc0c08d437b01389e601e0e5f9a
Instruction Fuzzy Hash: 0431E033F052829BEB25DBA998511BDB3A2FB88799F498135DF094B745DE3CE602C740

Function 00007FF8A7C89860 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7C89878
_errno.MSVCRT ref: 00007FF8A7C89897
rand.MSVCRT ref: 00007FF8A7C89910
_sopen.MSVCRT ref: 00007FF8A7C8995F
_errno.MSVCRT ref: 00007FF8A7C89970

Strings

XXXX, xrefs: 00007FF8A7C8988F
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 00007FF8A7C898FE

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno$_sopenrandstrlen
String ID: XXXX$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
API String ID: 1081397658-1416102993
Opcode ID: 7ac93ad39a8cb676dc86535b40274021b571b1fd82cfda16182900e2eb2af889
Instruction ID: fb33df12a70f887c5002c8ac1ce95a0007d72291cae2c139b9f311e44833d0e5
Opcode Fuzzy Hash: 7ac93ad39a8cb676dc86535b40274021b571b1fd82cfda16182900e2eb2af889
Instruction Fuzzy Hash: 003198A3E0B553BAFB619E249D0017C5A90EB457E6F898231CE0C477C0EE3DE802E310

Function 00007FF8A7C0C1D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89stringCOMMON

Download Yara Rule

APIs

strspn.MSVCRT ref: 00007FF8A7C0C1FC
strspn.MSVCRT ref: 00007FF8A7C0C245
strchr.MSVCRT ref: 00007FF8A7C0C25D
memcpy.MSVCRT ref: 00007FF8A7C0C28C

Strings

ambisonic , xrefs: 00007FF8A7C0C1D7
, xrefs: 00007FF8A7C0C1EF, 00007FF8A7C0C23B

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strspn$memcpystrchr
String ID: $ambisonic
API String ID: 2918080867-3257024572
Opcode ID: 0f5482def2ad202852d1b32bcf54bb77238b5e8d6a621b367dc68f81b01bffa8
Instruction ID: b21f6c8499cd69d6f73cdb2ea75f6a7157d5e7f30bb244d2c61d54ef5da4ffae
Opcode Fuzzy Hash: 0f5482def2ad202852d1b32bcf54bb77238b5e8d6a621b367dc68f81b01bffa8
Instruction Fuzzy Hash: 6B310523B0AA42A0EB309F7599501FE2791EF497D4F488032EE1D97B85EE3CE142E240

Function 00007FF8BFB868AC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB86931
GetLastError.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB8693F
wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB86958
LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB8696A
FreeLibrary.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB869B0
GetProcAddress.KERNEL32(?,?,?,00007FF8BFB86A6B,?,?,00000000,00007FF8BFB8689C,?,?,?,?,00007FF8BFB865E5), ref: 00007FF8BFB869BC

Strings

api-ms-, xrefs: 00007FF8BFB86951

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
String ID: api-ms-
API String ID: 916704608-2084034818
Opcode ID: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
Instruction ID: a9f4bc84fae163994e6a63c5eb242186ebe8f882cc15f44d07dc5421ec7d0e92
Opcode Fuzzy Hash: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
Instruction Fuzzy Hash: 48319421A1A69191EE15DB8AE8005B56395FF88BE0F594539DF2D0B395DF3CE944C700

Function 00007FF8A7BF0D30 Relevance: 12.2, APIs: 8, Instructions: 150COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7BF0E09
memcpy.MSVCRT ref: 00007FF8A7BF0E31
memcpy.MSVCRT ref: 00007FF8A7BF0E64
_aligned_free.MSVCRT ref: 00007FF8A7BF0EFD
_aligned_free.MSVCRT ref: 00007FF8A7BF0F22
_aligned_free.MSVCRT ref: 00007FF8A7BF0F2B
_aligned_free.MSVCRT ref: 00007FF8A7BF0F34
_aligned_free.MSVCRT ref: 00007FF8A7BF0F3C

Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0AA6
Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0ADD
Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0AFA
Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0B03
Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0B0C
Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0B14
Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0B1D
Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0B27
Part of subcall function 00007FF8A7BF09B0: _aligned_free.MSVCRT ref: 00007FF8A7BF0B31

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free$memcpy
String ID:
API String ID: 2399556850-0
Opcode ID: 3c9d650dbb13996a3ec22da08a15398705cb45436fe499cb8ebfbe706efbcf1e
Instruction ID: 9f14a77ce804e3a8246355e9f87e2e510138db36a26cc872041b8f5e7047ab0f
Opcode Fuzzy Hash: 3c9d650dbb13996a3ec22da08a15398705cb45436fe499cb8ebfbe706efbcf1e
Instruction Fuzzy Hash: 53519F76F1AA5595EB549F15E44436DA7A0FB88FC4F044035EE8E07BA5DF7CE842A300

Function 00007FF8BFB827CC Relevance: 12.1, APIs: 8, Instructions: 148COMMON

Download Yara Rule

APIs

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82886
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB828A5
__AdjustPointer.LIBCMT ref: 00007FF8BFB828E6
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB828F3
__AdjustPointer.LIBCMT ref: 00007FF8BFB8292F
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82944
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82989
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB82990

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$AdjustPointer
String ID:
API String ID: 1501936508-0
Opcode ID: ad7bbbe6b4c289a22ae1e43e79ef4439cf3ee9b14764b2eff01f06dd25f3f236
Instruction ID: f46a53b4d0226a3741fda8fb53a49cfb6715db3640ba9c53e24bf2b91c2885b8
Opcode Fuzzy Hash: ad7bbbe6b4c289a22ae1e43e79ef4439cf3ee9b14764b2eff01f06dd25f3f236
Instruction Fuzzy Hash: 27515A61E0AA9381FE699BDDD9446387795AF84BD0F098439DB4D06B96DF3CE442C300

Function 00007FF8BFB825E8 Relevance: 12.1, APIs: 8, Instructions: 148COMMON

Download Yara Rule

APIs

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB826A0
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB826BE
__AdjustPointer.LIBCMT ref: 00007FF8BFB826FF
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8270C
__AdjustPointer.LIBCMT ref: 00007FF8BFB82748
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8275D
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB827A2
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB827A9

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$AdjustPointer
String ID:
API String ID: 1501936508-0
Opcode ID: d386002f74db6febb42ef9b4bac4e43e25a554ab645870d9c47f674d5a84533b
Instruction ID: e2b19baa4bc2bb157625f640f8093f8e907efe78899ab47e3eb4fd2f138cfa41
Opcode Fuzzy Hash: d386002f74db6febb42ef9b4bac4e43e25a554ab645870d9c47f674d5a84533b
Instruction Fuzzy Hash: 37517C25A0AA5282FE669F9ED5446387394AFD5FD4F098436CF4E06B96DE3CE842C300

Function 00007FF8A7C9BC90 Relevance: 12.1, APIs: 8, Instructions: 89timethreadCOMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF8A7C9BCBD
QueryPerformanceCounter.KERNEL32 ref: 00007FF8A7C9BCD0
GetCurrentThread.KERNEL32 ref: 00007FF8A7C9BD39
GetThreadTimes.KERNEL32 ref: 00007FF8A7C9BD5B
GetCurrentProcess.KERNEL32 ref: 00007FF8A7C9BDA8
GetProcessTimes.KERNEL32 ref: 00007FF8A7C9BDCA
_errno.MSVCRT ref: 00007FF8A7C9BDD4
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A7C9BDF5

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentPerformanceProcessQueryThreadTimeTimes$CounterFileFrequencySystem_errno
String ID:
API String ID: 3786581644-0
Opcode ID: d139243207ebbece3588048b73cc12c1a18ec046571d34b62e2ee2edf8e95ea4
Instruction ID: a5e8637558d42ccb20884043b2367fe39b9ce42fee105fd760f217c89aa57871
Opcode Fuzzy Hash: d139243207ebbece3588048b73cc12c1a18ec046571d34b62e2ee2edf8e95ea4
Instruction Fuzzy Hash: 4D31D3B2B1AA46E2DF948F25E41017E6365EB80BC4F40913ADA8E46B5CEF3CD444DB00

Function 00007FF8A7C11C90 Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 85stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C11D24

Strings

%s%s, xrefs: 00007FF8A7C11D63
rgb32, xrefs: 00007FF8A7C11C9A
yuv420p, xrefs: 00007FF8A7C11CE5, 00007FF8A7C11D74
bgra, xrefs: 00007FF8A7C11D40
rgba, xrefs: 00007FF8A7C11CD3
bgr32, xrefs: 00007FF8A7C11CC3

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %s%s$bgr32$bgra$rgb32$rgba$yuv420p
API String ID: 1004003707-3566121812
Opcode ID: 98d685d57b4154a566717737cbd7b33df6296256410a4f9ae653ec1de5376476
Instruction ID: f6db96d3221d5c43067bd6f3313625da08e78a562cc11caccd3fdb5b97909566
Opcode Fuzzy Hash: 98d685d57b4154a566717737cbd7b33df6296256410a4f9ae653ec1de5376476
Instruction Fuzzy Hash: 5D315E61F1A902B6FF62AF12A9112BD1359EF91BC4F880132DE0E57790FE6CE605E300

Function 00007FF8A7BE6810 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 226COMMON

Download Yara Rule

Strings

tail_len <= 5, xrefs: 00007FF8A7BE69FD
Assertion %s failed at %s:%d, xrefs: 00007FF8A7BE6A0D
src/libavutil/avstring.c, xrefs: 00007FF8A7BE69F6

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$src/libavutil/avstring.c$tail_len <= 5
API String ID: 0-789252298
Opcode ID: 329d394584cb3486badaf9e4265f6a7098fb55d9a784c86af4291aec6c9427e0
Instruction ID: 80ff2be292bfcd580b80c940d729d840101f7d554e5d8327bad5125fa91df1e2
Opcode Fuzzy Hash: 329d394584cb3486badaf9e4265f6a7098fb55d9a784c86af4291aec6c9427e0
Instruction Fuzzy Hash: F87102B3E0F64261EB668E24652477D2591FF057E8F489232EE6E067C4FD7DA842E300

Function 00007FF8A7BFAF20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 189COMMON

Download Yara Rule

Strings

Failed to map frame into derived frame context: %d., xrefs: 00007FF8A7BFB1DD
src/libavutil/hwcontext.c, xrefs: 00007FF8A7BFB115
Assertion %s failed at %s:%d, xrefs: 00007FF8A7BFB12C
orig_dst_frames == ((void *)0) || orig_dst_frames == dst->hw_frames_ctx, xrefs: 00007FF8A7BFB11C
Invalid mapping found when attempting unmap., xrefs: 00007FF8A7BFB0F6

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$Failed to map frame into derived frame context: %d.$Invalid mapping found when attempting unmap.$orig_dst_frames == ((void *)0) || orig_dst_frames == dst->hw_frames_ctx$src/libavutil/hwcontext.c
API String ID: 0-1886799933
Opcode ID: 7de98eef6f36daff8acd38367cc58669d168e51f435deb3ddf0eda039419a1c9
Instruction ID: ceca00b02389227dc0e01c8879d61ead28d67a4a6eb17d0c675d4f2d46e8f88a
Opcode Fuzzy Hash: 7de98eef6f36daff8acd38367cc58669d168e51f435deb3ddf0eda039419a1c9
Instruction Fuzzy Hash: 9471A0B2A0AB46E1EB508F26D454A6F67A0FB44FD4F444136DE9D873A0EE78E442E740

Function 00007FF8A7C05342 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C04F79
strcpy.MSVCRT ref: 00007FF8A7C04FC5
strlen.MSVCRT ref: 00007FF8A7C052C6

Strings

verbose, xrefs: 00007FF8A7C05342
Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $verbose
API String ID: 895318938-125437466
Opcode ID: 111cff4ae6d6aba25a1bf3a452fafae3e172758b0fbde44d0ea9f4480844efc2
Instruction ID: 9aedf86e9a172545055424a5b42c5e5820effb12d0018397c5925bdb585d2f48
Opcode Fuzzy Hash: 111cff4ae6d6aba25a1bf3a452fafae3e172758b0fbde44d0ea9f4480844efc2
Instruction Fuzzy Hash: 8B61A261D0E68A66EB609F11B4107FE67A2FF867C4F804036DA8D17286DE3DE546E7C0

Function 00007FF8A7C05339 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C04F79
strcpy.MSVCRT ref: 00007FF8A7C04FC5
strlen.MSVCRT ref: 00007FF8A7C052C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
fatal, xrefs: 00007FF8A7C05339
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $fatal
API String ID: 895318938-1232420508
Opcode ID: e43060acaf70824709399effa99a617178f79ba8015f1816a65e9df156666156
Instruction ID: 182e9a61cf89a89046665f56aae88910393c44c79c52eb20913b0d54e17bd543
Opcode Fuzzy Hash: e43060acaf70824709399effa99a617178f79ba8015f1816a65e9df156666156
Instruction Fuzzy Hash: A461A261D0E68A66EB609F11B4107FE67A1FF867C4F804036DA8D17286DE3DE546E7C0

Function 00007FF8A7C05354 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C04F79
strcpy.MSVCRT ref: 00007FF8A7C04FC5
strlen.MSVCRT ref: 00007FF8A7C052C6

Strings

warning, xrefs: 00007FF8A7C05354
Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $warning
API String ID: 895318938-1705345410
Opcode ID: b34cf2a9aa40cf4703508ede8532485c6d2ea4047648aeaf1220a8223c5c525f
Instruction ID: 1c7f4d74c5914f7d1014314f13302ff1dee6cf007df0d05c01e294ee176b8e40
Opcode Fuzzy Hash: b34cf2a9aa40cf4703508ede8532485c6d2ea4047648aeaf1220a8223c5c525f
Instruction Fuzzy Hash: E961A261D0E68A66EB609F11B4107FE67A1FF867C4F804036DA8D17286DE3DE546E7C0

Function 00007FF8A7C0534B Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C04F79
strcpy.MSVCRT ref: 00007FF8A7C04FC5
strlen.MSVCRT ref: 00007FF8A7C052C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8
info, xrefs: 00007FF8A7C0534B

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $info
API String ID: 895318938-3747654419
Opcode ID: 1be4c7bd4cf85f2f8b6acf3c87bb03881b465a4d7c3eb98ae2da582cd249990e
Instruction ID: 60dd8ed6704c296ea7c21f3811cf947e5589373c4391833ba5bf796a0d8342b1
Opcode Fuzzy Hash: 1be4c7bd4cf85f2f8b6acf3c87bb03881b465a4d7c3eb98ae2da582cd249990e
Instruction Fuzzy Hash: C661A261D0E68A66EB609F11B4107FE67A1FF867C4F804036DA8D17286DE3DE546E7C0

Function 00007FF8A7C05366 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C04F79
strcpy.MSVCRT ref: 00007FF8A7C04FC5
strlen.MSVCRT ref: 00007FF8A7C052C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
debug, xrefs: 00007FF8A7C05366
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $debug
API String ID: 895318938-486550452
Opcode ID: ca6cd3af04bd65ff9df01a8aa6ed36bed15bcb452fe8f5dd11deeb11099c855e
Instruction ID: 28af3d8460ff4a41d5654c2f6d2682aa7877d8ddedeae602a1240feddb8b245d
Opcode Fuzzy Hash: ca6cd3af04bd65ff9df01a8aa6ed36bed15bcb452fe8f5dd11deeb11099c855e
Instruction Fuzzy Hash: 3361A261D0E68A66EB609F11B4107FE67A1FF867C4F804036DA8D17286DE3DE546E7C0

Function 00007FF8A7C0535D Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C04F79
strcpy.MSVCRT ref: 00007FF8A7C04FC5
strlen.MSVCRT ref: 00007FF8A7C052C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
trace, xrefs: 00007FF8A7C0535D
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $trace
API String ID: 895318938-1090435506
Opcode ID: 3a7e4ea2ce39469d736bb449845fd121ad088e9476b66ab627605bef7bb8b932
Instruction ID: 3dc496e2f0e1cc6cbd34bf485e16884e7476674c62c124bd45707c210c8d169b
Opcode Fuzzy Hash: 3a7e4ea2ce39469d736bb449845fd121ad088e9476b66ab627605bef7bb8b932
Instruction Fuzzy Hash: 9061A261D0E68A66EB609F11B4107FE67A2FF867C4F804036DA8D17286DE3DE546E7C0

Function 00007FF8A7C05327 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C04F79
strcpy.MSVCRT ref: 00007FF8A7C04FC5
strlen.MSVCRT ref: 00007FF8A7C052C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8
panic, xrefs: 00007FF8A7C05327

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $panic
API String ID: 895318938-4009946497
Opcode ID: 0b1fd8db72d8f79bd2880fc2ae61cae8c81ef59cf9502c5cc70fc41dd9ef4533
Instruction ID: 1c1716af7a114a03d0379bd9ceb3e9ce6928aebb6d035e37879985a775bb0668
Opcode Fuzzy Hash: 0b1fd8db72d8f79bd2880fc2ae61cae8c81ef59cf9502c5cc70fc41dd9ef4533
Instruction Fuzzy Hash: 9661A261D0E68A66EB609F11B4107FE67A1FF867C4F804036DA8D17286DE3DE546E7C0

Function 00007FF8A7C05330 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 148stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C04F79
strcpy.MSVCRT ref: 00007FF8A7C04FC5
strlen.MSVCRT ref: 00007FF8A7C052C6

Strings

Last message repeated %d times, xrefs: 00007FF8A7C04FA2
[%s] , xrefs: 00007FF8A7C05316
%s%s%s%s, xrefs: 00007FF8A7C04F2A
?, xrefs: 00007FF8A7C050A8
error, xrefs: 00007FF8A7C05330

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmpstrcpystrlen
String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $error
API String ID: 895318938-746115170
Opcode ID: 57478434a447384fa94a03ff1bade18b8ff03ea6d8e4a2e89f8b75d2d60d4bc3
Instruction ID: e9e70f69fdf142d84edab2933a21541dec383f7e4c71cca570a0e76b7c6ad6aa
Opcode Fuzzy Hash: 57478434a447384fa94a03ff1bade18b8ff03ea6d8e4a2e89f8b75d2d60d4bc3
Instruction Fuzzy Hash: FD61A261D0E68A66EB609F11B4107FE67A2FF867C4F804036DA8D17286DE3DE546E7C0

Function 00007FF8BFB85520 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 132COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB855E9
_local_unwind.LIBVCRUNTIME ref: 00007FF8BFB8568C

Strings

csm, xrefs: 00007FF8BFB85584
csm, xrefs: 00007FF8BFB856D0
MOC, xrefs: 00007FF8BFB85562
RCC, xrefs: 00007FF8BFB8556E

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader_local_unwind
String ID: MOC$RCC$csm$csm
API String ID: 2627209546-1441736206
Opcode ID: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
Instruction ID: f86054bcf62643f1762f3efe51d0fa645309f139cc8ae3aaf077c315fe105312
Opcode Fuzzy Hash: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
Instruction Fuzzy Hash: 23518B76A0964286EB609FA9D84177927A0FFC4BE4F142035EF4C4238BEE3CE841CB41

Function 00007FF8BFB5AC80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF8BFB5AD29
av_log.AVUTIL-58 ref: 00007FF8BFB5AD9C

Strings

adding %d audio samples of silence, xrefs: 00007FF8BFB5AD8D

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_logmemset
String ID: adding %d audio samples of silence
API String ID: 1585849880-1798122562
Opcode ID: 43dec4429a85b2510075a362c729a0e6794df002455a30ccca771920209cc6fe
Instruction ID: 45c2fa4628bab721d53bb5d961792b68ed9b39815f0724f5d701f287548af3b8
Opcode Fuzzy Hash: 43dec4429a85b2510075a362c729a0e6794df002455a30ccca771920209cc6fe
Instruction Fuzzy Hash: 6A310122B0826256F755A69AA069FAAA34DFB84BC1F404037DF0CA7BC6CE3CF501C744

Function 00007FF8BFB8D740 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

atol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8BFB8CE14), ref: 00007FF8BFB8D803
DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8D822

Strings

`template-parameter, xrefs: 00007FF8BFB8D830
void, xrefs: 00007FF8BFB8D786

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::atol
String ID: `template-parameter$void
API String ID: 2130343216-4057429177
Opcode ID: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
Instruction ID: 2749fdc2c3cb853701163d5588712d01b2ae13ccb7c86b426d0034fbdb036696
Opcode Fuzzy Hash: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
Instruction Fuzzy Hash: 7041F662F08B5698FB009BA9D8512AC23B1BB887C8F54513ADF0D26B6ADF78A545C350

Function 00007FF8BFB88624 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 85COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB886DB

Strings

..., xrefs: 00007FF8BFB88724
,<ellipsis>, xrefs: 00007FF8BFB886B8
,..., xrefs: 00007FF8BFB886A8
<ellipsis>, xrefs: 00007FF8BFB88734
void, xrefs: 00007FF8BFB88759

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 2943138195-2211150622
Opcode ID: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
Instruction ID: 6035e0e78a3f2e3320c420f29683b94bc4825167c13c5da257612200709cf266
Opcode Fuzzy Hash: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
Instruction Fuzzy Hash: B5413772E28B4699FB118FACD8812AC37B0BB88788F548139DB4D12769DF3CE545C740

Function 00007FF8BFB8A31C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 83COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A40F

Strings

long , xrefs: 00007FF8BFB8A37E
short , xrefs: 00007FF8BFB8A39C
int , xrefs: 00007FF8BFB8A38D
char , xrefs: 00007FF8BFB8A3A5
unsigned , xrefs: 00007FF8BFB8A3E3

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: char $int $long $short $unsigned
API String ID: 2943138195-3894466517
Opcode ID: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
Instruction ID: d4fc56c2c3a0982fa2afceabd73fe0a28a4f24d9716f8c2718a6473281832526
Opcode Fuzzy Hash: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
Instruction Fuzzy Hash: EA416A32E18A56A9EB118FACD8441BC7BB5BB89784F448235CB0C16B9ADF3CE544C700

Function 00007FF8A7BEAD20 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7BEAD79

Strings

AMBI, xrefs: 00007FF8A7BEAD2A
U, xrefs: 00007FF8A7BEADC0
S, xrefs: 00007FF8A7BEADC6
R, xrefs: 00007FF8A7BEADD4

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: AMBI$R$S$U
API String ID: 1004003707-1923686996
Opcode ID: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
Instruction ID: 474bca973fb646163fbcccd7a7db495ce2484552123f10dd956332fa99ac200d
Opcode Fuzzy Hash: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
Instruction Fuzzy Hash: 6521F763E0A54374FB628E24A8002BE1754EB417EAF8C8571DF0D066D0FE7CE586E304

Function 00007FF8A7C01880 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 77COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7C0191C

Strings

((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FF8A7C01945
src/libavutil/imgutils.c, xrefs: 00007FF8A7C01936, 00007FF8A7C01966
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FF8A7C01975
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C01951

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: memcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
API String ID: 3510742995-1436408019
Opcode ID: 29eedba0b8a561808ce1373c0d83b9e424659025d8d80de6197fb189af70282f
Instruction ID: 1f206afe899490c055c7987f5a4f8b0e5f6d165d08cb0293052eb4a4bc7ca7c6
Opcode Fuzzy Hash: 29eedba0b8a561808ce1373c0d83b9e424659025d8d80de6197fb189af70282f
Instruction Fuzzy Hash: D221B8A3F0BA5566FB519F11BD001AEA755EB887D8F484132EE4C07755DE3CE286D700

Function 00007FF8A7C0D160 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 65COMMON

Download Yara Rule

Strings

true,y,yes,enable,enabled,on, xrefs: 00007FF8A7C0D2C8
auto, xrefs: 00007FF8A7C0D169
Unable to parse option value "%s" as boolean, xrefs: 00007FF8A7C0D3A8
false,n,no,disable,disabled,off, xrefs: 00007FF8A7C0D326

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Unable to parse option value "%s" as boolean$auto$false,n,no,disable,disabled,off$true,y,yes,enable,enabled,on
API String ID: 0-3796170252
Opcode ID: 80dcf72f5eaf96136f939c22b2c5b1b32456b8058e2967939369524f2b68426d
Instruction ID: c7bf6ac9d45c259bc0e6226b54a2bccf252bfc61eba35c983472a883524623d4
Opcode Fuzzy Hash: 80dcf72f5eaf96136f939c22b2c5b1b32456b8058e2967939369524f2b68426d
Instruction Fuzzy Hash: F521A426E0AA02A1FB529F34A4113BE5255EF817E4F504631DD1D272C1EF3CE58BB344

Function 00007FF8A7BF6860 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 64stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7BF6C25

Part of subcall function 00007FF8A7C89860: strlen.MSVCRT ref: 00007FF8A7C89878
Part of subcall function 00007FF8A7C89860: _errno.MSVCRT ref: 00007FF8A7C89897

_errno.MSVCRT ref: 00007FF8A7BF6C93

Strings

ff_tempfile: Cannot open temporary file %s, xrefs: 00007FF8A7BF6CA2
ff_tempfile: Cannot allocate file name, xrefs: 00007FF8A7BF6CD6
/tmp/%sXXXXXX, xrefs: 00007FF8A7BF6C49
./%sXXXXXX, xrefs: 00007FF8A7BF6C77

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errnostrlen
String ID: ./%sXXXXXX$/tmp/%sXXXXXX$ff_tempfile: Cannot allocate file name$ff_tempfile: Cannot open temporary file %s
API String ID: 860928405-2152079688
Opcode ID: 0f688c71126fc59946a20c54ec96a80db71b419569075c9b5168e78452e7bea4
Instruction ID: 554d6d4822689128d0b5cb1c49dcfd6569caddd15f4f7b818e88794e17999cc0
Opcode Fuzzy Hash: 0f688c71126fc59946a20c54ec96a80db71b419569075c9b5168e78452e7bea4
Instruction Fuzzy Hash: 9F216AB6E0AA06A1EB41DF11E4594BE2364EF84BD8F844536FD9D87391EE3CE406E740

Function 00007FF8A7C01990 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 61COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF8A7C019F9
abort.MSVCRT ref: 00007FF8A7C01A3F

Strings

((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth, xrefs: 00007FF8A7C01A23
src/libavutil/imgutils.c, xrefs: 00007FF8A7C01A14, 00007FF8A7C01A44
((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth, xrefs: 00007FF8A7C01A53
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C01A2F

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortmemcpy
String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
API String ID: 985927305-1436408019
Opcode ID: 57f52b22eac4459bf228b66986decd4f74425c1849e3cd511780a932ceefaf11
Instruction ID: e34ebe4c295daf033a61355ad5d7bb04a7c491ddd57f38687f3175505b49587e
Opcode Fuzzy Hash: 57f52b22eac4459bf228b66986decd4f74425c1849e3cd511780a932ceefaf11
Instruction Fuzzy Hash: F1112C62E1B962B6E730DF54A9015BE6790EF893D4F884534EE0C07B52DE3CE545D740

Function 00007FF6129E2370 Relevance: 10.6, APIs: 7, Instructions: 55COMMON

Download Yara Rule

APIs

avcodec_free_context.AVCODEC-60 ref: 00007FF6129E2388
avformat_free_context.AVFORMAT-60 ref: 00007FF6129E23CC

Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E204A
Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E2065
Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E2080
Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E209B
Part of subcall function 00007FF6129E2030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF6129E23A2), ref: 00007FF6129E20B6

av_free.AVUTIL-58 ref: 00007FF6129E23B1
avio_context_free.AVFORMAT-60 ref: 00007FF6129E23BD
avio_close.AVFORMAT-60 ref: 00007FF6129E23C4
avcodec_free_context.AVCODEC-60 ref: 00007FF6129E2402
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6129E2415

Memory Dump Source

Source File: 0000000B.00000002.2221719961.00007FF6129E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6129E0000, based on PE: true

Associated: 0000000B.00000002.2221699491.00007FF6129E0000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221744703.00007FF6129E5000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221759176.00007FF6129E6000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000B.00000002.2221776644.00007FF6129E9000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff6129e0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strncmp$avcodec_free_context$av_freeavformat_free_contextavio_closeavio_context_freefree
String ID:
API String ID: 1086289117-0
Opcode ID: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
Instruction ID: 51cc2c146f2c2ae32672787e77e9c055c4f318f17dc778d49609064392646a6a
Opcode Fuzzy Hash: 5750c0e3cd2fb8260dfd87b4c22098c1e8e3cbc363b4994d39577057d30215b3
Instruction Fuzzy Hash: ED214F72A04A5182EB10DF2BE4513BC63A0FF88F9CF055936DA4D9724BCFB8D8828710

Function 00007FF8A7C9A660 Relevance: 10.6, APIs: 7, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8A7C99840: TlsGetValue.KERNEL32 ref: 00007FF8A7C9985D

longjmp.MSVCRT ref: 00007FF8A7C9A69B
TlsGetValue.KERNEL32 ref: 00007FF8A7C9A6A7
CloseHandle.KERNEL32 ref: 00007FF8A7C9A6D3
_endthreadex.MSVCRT ref: 00007FF8A7C9A6EB
CloseHandle.KERNEL32 ref: 00007FF8A7C9A6FD
TlsSetValue.KERNEL32 ref: 00007FF8A7C9A71B
CloseHandle.KERNEL32 ref: 00007FF8A7C9A72E

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseHandleValue$_endthreadexlongjmp
String ID:
API String ID: 3990644698-0
Opcode ID: 73060f70dbe4c489cd31e19d1776919e8e936670c78b2bffbe7749b2f46d11de
Instruction ID: 5c37742cba82f5de98181c536a1901ace0f9928b41399c3c965dcfee2f15cd4a
Opcode Fuzzy Hash: 73060f70dbe4c489cd31e19d1776919e8e936670c78b2bffbe7749b2f46d11de
Instruction Fuzzy Hash: 0A210725A0BA82E6FB959F11E45877E76A8EF84F85F058135CE0E07390EF7CA844E700

Function 00007FF8A7BED810 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 40COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7BED85F

Strings

av_crc_init(av_crc_table[AV_CRC_16_ANSI_LE], 1, 16, 0xA001, sizeof(av_crc_table[AV_CRC_16_ANSI_LE])) >= 0, xrefs: 00007FF8A7BED89B
src/libavutil/crc.c, xrefs: 00007FF8A7BED834, 00007FF8A7BED894
av_crc_init(av_crc_table[AV_CRC_32_IEEE_LE], 1, 32, 0xEDB88320, sizeof(av_crc_table[AV_CRC_32_IEEE_LE])) >= 0, xrefs: 00007FF8A7BED83B
Assertion %s failed at %s:%d, xrefs: 00007FF8A7BED84B, 00007FF8A7BED8AB

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_ANSI_LE], 1, 16, 0xA001, sizeof(av_crc_table[AV_CRC_16_ANSI_LE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE_LE], 1, 32, 0xEDB88320, sizeof(av_crc_table[AV_CRC_32_IEEE_LE])) >= 0$src/libavutil/crc.c
API String ID: 4206212132-3869419772
Opcode ID: 96f5f185df5af9d250496bea1b812434c02eec593cc3f23363683570a2ddd386
Instruction ID: f38f38571cd6612d493c0004daa49bda4b42cbe061eba47249caa1e8e26d7765
Opcode Fuzzy Hash: 96f5f185df5af9d250496bea1b812434c02eec593cc3f23363683570a2ddd386
Instruction Fuzzy Hash: 03116171E0AA46A1F710AF20E8052FE6766EF85384FC04236D94D467A3EE3CE206E714

Function 00007FF8A7C08E40 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 136stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7C08F33

Strings

INT64_MAX, xrefs: 00007FF8A7C0901B
%d:%02d.%06d, xrefs: 00007FF8A7C08EE2
%d.%06d, xrefs: 00007FF8A7C0907B
INT64_MIN, xrefs: 00007FF8A7C09056
%lld:%02d:%02d.%06d, xrefs: 00007FF8A7C08FE4

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen
String ID: %d.%06d$%d:%02d.%06d$%lld:%02d:%02d.%06d$INT64_MAX$INT64_MIN
API String ID: 39653677-2240581584
Opcode ID: cf4f16006c1c0a862bb4f663b07b40e742fc65853bf7fc4d11485ba963f2ff38
Instruction ID: 79e83db062b0bafcbd7ceeac5f2926a1bc4a843916639d3245d72a15acb16509
Opcode Fuzzy Hash: cf4f16006c1c0a862bb4f663b07b40e742fc65853bf7fc4d11485ba963f2ff38
Instruction Fuzzy Hash: DB413AD1B1AB8959EF74CF2658052BD55C2DB98BD0E84C132EF1E47BD5DE3CA305A280

Function 00007FF8BFBA1920 Relevance: 9.1, APIs: 6, Instructions: 124COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFBA5530: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF8BFBA1688), ref: 00007FF8BFBA5552

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA1980
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA19DE
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA1A07
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA1A1C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFBA1A73
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFBA1A86

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno$free
String ID:
API String ID: 4247730083-0
Opcode ID: 34b5fe769a158e21acccb4ad1b5a9f683f14a6e55ea9ebd6d8c1efb0b3076924
Instruction ID: c7d26729e88d75461bfc298023cd1c01e39105573b6dea05ce6b1f8aa4cdf5a1
Opcode Fuzzy Hash: 34b5fe769a158e21acccb4ad1b5a9f683f14a6e55ea9ebd6d8c1efb0b3076924
Instruction Fuzzy Hash: F1513132A08B0796EA60DBA9D54017933A4FF587D4F444132DB6D83AE5EF3CE865CB40

Function 00007FF8BFB862D0 Relevance: 9.1, APIs: 6, Instructions: 84stringCOMMON

Download Yara Rule

APIs

__unDName.LIBVCRUNTIME ref: 00007FF8BFB86326
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFB86369
strcpy_s.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8BFB86393
InterlockedPushEntrySList.KERNEL32 ref: 00007FF8BFB863B0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFB863BC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFB863C5

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
String ID:
API String ID: 3741236498-0
Opcode ID: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
Instruction ID: 249528ff6a78341969894b47dafc18f895e69e16cdd8170a2934eea86c48cd1c
Opcode Fuzzy Hash: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
Instruction Fuzzy Hash: 2031C721B1975191EB11DF6EA8045696395FF89FD4F554539DF2D03391EE3DD842C300

Function 00007FF8BFBA3AB0 Relevance: 9.1, APIs: 6, Instructions: 66threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF8BFBA3B29
GetCurrentProcess.KERNEL32 ref: 00007FF8BFBA3B35
GetCurrentThread.KERNEL32 ref: 00007FF8BFBA3B3E
GetCurrentProcess.KERNEL32 ref: 00007FF8BFBA3B47
DuplicateHandle.KERNEL32 ref: 00007FF8BFBA3B6C

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Current$ProcessThread$DuplicateHandle
String ID:
API String ID: 4285418203-0
Opcode ID: 122369a1c330d7f29e53f35644df85b62e1c336a8a69c3fc79a39b0e983c8277
Instruction ID: ec7ecd8647a7c9c5d36bd2b17eb8c3195fce1fec8ef33a0e0e01d57ca755d4ea
Opcode Fuzzy Hash: 122369a1c330d7f29e53f35644df85b62e1c336a8a69c3fc79a39b0e983c8277
Instruction Fuzzy Hash: 02317032908BC18AE7209FA9E8012AAB7A0FF947C4F444134EF8D06B55DF3DE1A58700

Function 00007FF8BFBA5C10 Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF8BFBA5C22
OpenProcess.KERNEL32 ref: 00007FF8BFBA5C36
GetLastError.KERNEL32 ref: 00007FF8BFBA5C41
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA5C57
CloseHandle.KERNEL32 ref: 00007FF8BFBA5C72
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA5C7C

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Process_errno$CloseCurrentErrorHandleLastOpen
String ID:
API String ID: 3861255796-0
Opcode ID: e8f9237df677979dc71b34d724e04c16cd4c67e5f51f945e8c435fea502eb581
Instruction ID: 80e948a72df1a9fa954222cc11e914580c86b9634a587e087c86c0c1b09ddd7a
Opcode Fuzzy Hash: e8f9237df677979dc71b34d724e04c16cd4c67e5f51f945e8c435fea502eb581
Instruction Fuzzy Hash: BC015222F0860282EB654BADB48422963A1EF88B90F455138DB2E47BD4DE3CDD948700

Function 00007FF8A7BE8250 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 196stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7BE828B
strftime.MSVCRT ref: 00007FF8A7BE832A

Strings

[truncated strftime output], xrefs: 00007FF8A7BE840E, 00007FF8A7BE8421, 00007FF8A7BE84F1

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strftimestrlen
String ID: [truncated strftime output]
API String ID: 1668665056-4273287863
Opcode ID: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
Instruction ID: a66bf5255f89ca8b77e29370561cdbb37d480a057a543a45f8413896ca24951a
Opcode Fuzzy Hash: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
Instruction Fuzzy Hash: 2071F7B2B06A515AEB15CE29D88863D2391EF887D4F559235DE1A833D1FE3CEC46E300

Function 00007FF8BFB838A8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 189COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

EncodePointer.KERNEL32 ref: 00007FF8BFB83918
_CallSETranslator.LIBVCRUNTIME ref: 00007FF8BFB83963
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB83B91

Strings

RCC, xrefs: 00007FF8BFB83934
MOC, xrefs: 00007FF8BFB8392C

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 2889003569-2084237596
Opcode ID: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
Instruction ID: 63e9f83e9745564b36c61e2f7a5fdbdb6dc08a974d6ae15da47fa6655f2275af
Opcode Fuzzy Hash: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
Instruction Fuzzy Hash: 5D916F73A087958AE750CFA9E4802AD7BA0F7847C8F14412AEF8D17756DF38D1A5C700

Function 00007FF8A7C013C0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 188COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF8A7C015FB
_aligned_free.MSVCRT ref: 00007FF8A7C01633

Strings

Picture size %ux%u is invalid, xrefs: 00007FF8A7C01649
Formats with a palette require a minimum alignment of 4, xrefs: 00007FF8A7C01604

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_freememset
String ID: Formats with a palette require a minimum alignment of 4$Picture size %ux%u is invalid
API String ID: 4139559148-2772728507
Opcode ID: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
Instruction ID: 81bec43c1089d0f777cccf6063a90b30e553180d46294e1279086b25057f802e
Opcode Fuzzy Hash: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
Instruction Fuzzy Hash: 5E612966B0AB8267EB048F15D90477EA692FF857D4F448131EE4E477D8DE3CE4429780

Function 00007FF8A7C21850 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 172COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C21AF8

Part of subcall function 00007FF8A7C9AF60: CreateEventA.KERNEL32 ref: 00007FF8A7C9AFE2
Part of subcall function 00007FF8A7C9AF60: Sleep.KERNEL32 ref: 00007FF8A7C9AFF7

Strings

src/libavutil/slicethread.c, xrefs: 00007FF8A7C21ACD
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C21AE4
nb_threads >= 0, xrefs: 00007FF8A7C21AD4
j, xrefs: 00007FF8A7C21AEB

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CreateEventSleepabort
String ID: Assertion %s failed at %s:%d$j$nb_threads >= 0$src/libavutil/slicethread.c
API String ID: 723382662-4085466978
Opcode ID: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
Instruction ID: 2e3c1bd9b7d8d5dd95b9f82c9198bfdaef8a1cb3804a333c8b81686009fa6f4f
Opcode Fuzzy Hash: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
Instruction Fuzzy Hash: 04719F72A0AB82A6EB64AF11E5403AE73A2FB847C4F144131DA8D47785DF3CE511D781

Function 00007FF8BFB8BB70 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8BC50

Part of subcall function 00007FF8BFB88C24: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8913D
Part of subcall function 00007FF8BFB88C24: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89175

Strings

std::nullptr_t , xrefs: 00007FF8BFB8BDC5
volatile , xrefs: 00007FF8BFB8BBD3, 00007FF8BFB8BD21
volatile, xrefs: 00007FF8BFB8BBE2, 00007FF8BFB8BD30
std::nullptr_t, xrefs: 00007FF8BFB8BDF1

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
API String ID: 2943138195-757766384
Opcode ID: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
Instruction ID: cfd1ac9df379a15da2fe8860f10ebb50dc7aaee042009b7310938672b75bc096
Opcode Fuzzy Hash: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
Instruction Fuzzy Hash: 6F716872A08A4694EB148FACD9411BC67A5BB857C4F44C539DB4E07BAADF3CE650C700

Function 00007FF8BFB63660 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FF8BFB63693
av_get_packed_sample_fmt.AVUTIL-58 ref: 00007FF8BFB6369E
av_get_bytes_per_sample.AVUTIL-58 ref: 00007FF8BFB6386F
av_log.AVUTIL-58 ref: 00007FF8BFB638CE

Strings

Requested noise shaping dither not available at this sampling rate, using triangular hp dither, xrefs: 00007FF8BFB638BF

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_get_packed_sample_fmt$av_get_bytes_per_sampleav_log
String ID: Requested noise shaping dither not available at this sampling rate, using triangular hp dither
API String ID: 3201340904-3665241142
Opcode ID: 3aabd3796ad4e8e3c28a21a01194fa0efc64d4ec367513780e46d480d1dae623
Instruction ID: f68d18d4486c553c6b5f79ba28ab711b040937992fa552a0d29443b33e99b788
Opcode Fuzzy Hash: 3aabd3796ad4e8e3c28a21a01194fa0efc64d4ec367513780e46d480d1dae623
Instruction Fuzzy Hash: 89612533E18A8659E752CB7C89417B9F395BF597C4F088332DB0E66390EF6DA4A5C600

Function 00007FF8BFB83690 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

EncodePointer.KERNEL32 ref: 00007FF8BFB836DC
_CallSETranslator.LIBVCRUNTIME ref: 00007FF8BFB8372B
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8389F

Strings

RCC, xrefs: 00007FF8BFB836F9
MOC, xrefs: 00007FF8BFB836F0

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 2889003569-2084237596
Opcode ID: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
Instruction ID: 2acbb592e27071bed484ddf7126a03528cd763ea83e5ac7af000430b36879a92
Opcode Fuzzy Hash: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
Instruction Fuzzy Hash: 2D613777A08A858AE724CFA9D4807AD77A0FB84BC8F184125EF4D13B5ADF38E465C700

Function 00007FF8A7C8D620 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7C8D6C0
_errno.MSVCRT ref: 00007FF8A7C8D710

Strings

exp, xrefs: 00007FF8A7C8D6E6, 00007FF8A7C8D72B, 00007FF8A7C8D765

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: exp
API String ID: 2918714741-113136155
Opcode ID: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
Instruction ID: 0a8d9b5151757534f84dd1a5dfa0a271ce80e918f9f958f68d58793ebd192999
Opcode Fuzzy Hash: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
Instruction Fuzzy Hash: BB510652D0DA85A2E7026F34E81227E6364FF9A384F50D331EB8D3059AFF2DE5919B40

Function 00007FF8BFB63000 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8BFB630A0
_errno.MSVCRT ref: 00007FF8BFB630F0

Strings

exp, xrefs: 00007FF8BFB630C6, 00007FF8BFB6310B, 00007FF8BFB63145

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: exp
API String ID: 2918714741-113136155
Opcode ID: e892162a4feb91c5f06d0adc05f7b2a5d8b4b961a27d821f26560dc97cede207
Instruction ID: 6daacfd21e1c04d6320fff3906ecd900d432ae7e1316f0ea02a4b46d2eab533d
Opcode Fuzzy Hash: e892162a4feb91c5f06d0adc05f7b2a5d8b4b961a27d821f26560dc97cede207
Instruction Fuzzy Hash: 8851FC53D0CA85A2E7025F78D81227BB320FF95384F54D325EB8D31696FF1DE5949A40

Function 00007FF8A7BE9750 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7BE98E6
src/libavutil/buffer.c, xrefs: 00007FF8A7BE98C9
pool->alloc || pool->alloc2, xrefs: 00007FF8A7BE98D0

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Assertion %s failed at %s:%d$pool->alloc || pool->alloc2$src/libavutil/buffer.c
API String ID: 0-4265094632
Opcode ID: d76ba869af0c935bc261349364afef7ac018e203dbb1c970f62eb4bb728a1136
Instruction ID: baf7c83bb1c5287bd7c52f938db61ef1bed420212774ca000b225983c570e275
Opcode Fuzzy Hash: d76ba869af0c935bc261349364afef7ac018e203dbb1c970f62eb4bb728a1136
Instruction Fuzzy Hash: 38517AB6606B41A5EB659F11E8487AE33A8FB48BC9F454135DE8E07390EF3CE449D381

Function 00007FF8A7C06510 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C066C3

Strings

Assertion %s failed at %s:%d, xrefs: 00007FF8A7C066B3
in_ts != ((int64_t)0x8000000000000000ULL), xrefs: 00007FF8A7C066A7
duration >= 0, xrefs: 00007FF8A7C066D7
src/libavutil/mathematics.c, xrefs: 00007FF8A7C06698, 00007FF8A7C066C8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$duration >= 0$in_ts != ((int64_t)0x8000000000000000ULL)$src/libavutil/mathematics.c
API String ID: 4206212132-3367517387
Opcode ID: 513caed045a4db0526df902e940f6b02687e0721ee3627fbbd4727eb2fb21fc4
Instruction ID: c6e673b0b102a8f3a0f605770559c2d9b7b31a1e9a28c942a4f6e146193658e4
Opcode Fuzzy Hash: 513caed045a4db0526df902e940f6b02687e0721ee3627fbbd4727eb2fb21fc4
Instruction Fuzzy Hash: A841F42670AB45A0EB20CF41B9506AEA7A8FB88BD0F444436EE8D17B94DE7CE142D740

Function 00007FF8A7C261E0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C262C2

Strings

!dual_stride || !(dual_stride & (dual_stride - 1)), xrefs: 00007FF8A7C262A6
src/libavutil/tx.c, xrefs: 00007FF8A7C26297, 00007FF8A7C26312
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C262B2
dual_stride <= basis, xrefs: 00007FF8A7C26321

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: !dual_stride || !(dual_stride & (dual_stride - 1))$Assertion %s failed at %s:%d$dual_stride <= basis$src/libavutil/tx.c
API String ID: 4206212132-1907613106
Opcode ID: b2d68d41104b27e6dcc2f546f5ee05c62e4ee261660e14a4176fa03e21371bc5
Instruction ID: 623f89bacbaf02649187a8c438c71a6faa5f7e00d825b3c5db719894f5cfdf5d
Opcode Fuzzy Hash: b2d68d41104b27e6dcc2f546f5ee05c62e4ee261660e14a4176fa03e21371bc5
Instruction Fuzzy Hash: 9531C432A0E686A7E3609F14A4407AEBAA0FB983D4F504139EA8D43F94DF3CE145DF50

Function 00007FF8BFB5AEC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 67COMMON

Download Yara Rule

APIs

av_log.AVUTIL-58 ref: 00007FF8BFB5AF42
abort.MSVCRT ref: 00007FF8BFB5AF47

Strings

s->out_sample_rate == s->in_sample_rate, xrefs: 00007FF8BFB5AF23
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB5AF33
src/libswresample/swresample.c, xrefs: 00007FF8BFB5AF1C

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortav_log
String ID: Assertion %s failed at %s:%d$s->out_sample_rate == s->in_sample_rate$src/libswresample/swresample.c
API String ID: 208496458-2566888546
Opcode ID: 6f075df65b6eed603a674aefd9f5f2e9a38cef1fcc3b0318237051135531fcf6
Instruction ID: 32398e982eb3367660bff6d0912aebd9e7f87653bbd6ca865867f671309bd87e
Opcode Fuzzy Hash: 6f075df65b6eed603a674aefd9f5f2e9a38cef1fcc3b0318237051135531fcf6
Instruction Fuzzy Hash: B4218161E0974289EB258BADD460779B7A4EF84788F584236EB0D967E4DF3CF542CA00

Function 00007FF8A7C0E750 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C0E792

Strings

ntsc, xrefs: 00007FF8A7C0E76B
none, xrefs: 00007FF8A7C0E755

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: none$ntsc
API String ID: 1004003707-2486863473
Opcode ID: 6b738e6fadc790c156b69ca33ae2bb0c185686464ba8ef256ca71794a6c641fc
Instruction ID: ece8e187a884432e2be6e41c4b877d0b18b9be28aa53ab4d90e72f7450aa6e2b
Opcode Fuzzy Hash: 6b738e6fadc790c156b69ca33ae2bb0c185686464ba8ef256ca71794a6c641fc
Instruction Fuzzy Hash: DB112663F4A151A1E7209F2AFC442BE6790EB44BE8F484431EE0C8B390DF2CE582D380

Function 00007FF8A7C99780 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF8A7C997D6
_ultoa.MSVCRT ref: 00007FF8A7C997E9
OutputDebugStringA.KERNEL32 ref: 00007FF8A7C9982D
abort.MSVCRT ref: 00007FF8A7C99833

Strings

Error cleaning up spin_keys for thread , xrefs: 00007FF8A7C997BE

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentDebugOutputStringThread_ultoaabort
String ID: Error cleaning up spin_keys for thread
API String ID: 4191895893-2906507043
Opcode ID: 81378f2af0811eeb7f04898ebd31de8b15f56f487cc7d9f9e4b7e3e7059bb688
Instruction ID: 605843d46d9a79c29713b3bc61d8e280d1ad4e5c13bdc5b50d7a6c6dcd825ee8
Opcode Fuzzy Hash: 81378f2af0811eeb7f04898ebd31de8b15f56f487cc7d9f9e4b7e3e7059bb688
Instruction Fuzzy Hash: C71157A2F0EA42E0FBA14F24E01437D9691EF863E1F940734CA6C463C4DE2CE885D302

Function 00007FF8BFBA2780 Relevance: 7.7, APIs: 5, Instructions: 200synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF8BFBA2829

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ObjectSingleWait
String ID:
API String ID: 24740636-0
Opcode ID: 128c7c0c7c4041ad80a73ece8c7e6e0e6db133071bd0854d49eb70ad7e1cdf79
Instruction ID: daeef98b1e4a0dea13996cca45b89344141df54beb5133216d947f545b4ab9b9
Opcode Fuzzy Hash: 128c7c0c7c4041ad80a73ece8c7e6e0e6db133071bd0854d49eb70ad7e1cdf79
Instruction Fuzzy Hash: 93914232A08A8786EB728BADD40037A73A0FF957E4F555231DB5D86AD5EF3CE8418740

Function 00007FF8A7C978B0 Relevance: 7.7, APIs: 5, Instructions: 180synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF8A7C97957

Part of subcall function 00007FF8A7C98840: WaitForMultipleObjects.KERNEL32 ref: 00007FF8A7C988B4

ResetEvent.KERNEL32 ref: 00007FF8A7C97917
WaitForSingleObject.KERNEL32 ref: 00007FF8A7C97998

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Wait$ObjectSingle$EventMultipleObjectsReset
String ID:
API String ID: 654736092-0
Opcode ID: 34fbc9e2f4b500ec35d71564d19f70a292e06c702ea4cefd25497b8e02179aaa
Instruction ID: 51e07a7627df7b721f9dd2961a3c4eb8db7bf081996088d0dc3cf7f1be81db99
Opcode Fuzzy Hash: 34fbc9e2f4b500ec35d71564d19f70a292e06c702ea4cefd25497b8e02179aaa
Instruction Fuzzy Hash: 9B512721F0BD23E1FBE15A26954237F4291FF90BD8F591532DD4E826D1ED2CE981B205

Function 00007FF8A7C98970 Relevance: 7.6, APIs: 5, Instructions: 102threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF8A7C989B0

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 64ab8e10bfe97489d8a8b5c547ce0e4a8904eff289fa1a41a4582324bccb7b1a
Instruction ID: b2ba092241d9b732873f9b36c62dd790b3d2eac24044010d1f74a4708b5d54e8
Opcode Fuzzy Hash: 64ab8e10bfe97489d8a8b5c547ce0e4a8904eff289fa1a41a4582324bccb7b1a
Instruction Fuzzy Hash: 7E31C133B0AA12D6FB969F25994876E22D4EF403E0F468535DE0D87280EE3CED81E341

Function 00007FF8BFB89FA4 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A01D
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A03F
DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A052
DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A089
DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A094

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::$Name::operator+
String ID:
API String ID: 826178784-0
Opcode ID: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
Instruction ID: 6eeeef95698b76e79f9e3e1f8c2b1d531238d4ed4f12a5ed150b659d478995c4
Opcode Fuzzy Hash: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
Instruction Fuzzy Hash: A341CE32B08B56A4EB10CBA8D8811BC77B8BB95BC4B548136EB4D53796DF3CE855C300

Function 00007FF8A7C0A167 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 72stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF8A7C099A4

Strings

auto, xrefs: 00007FF8A7C0A16A
true, xrefs: 00007FF8A7C0A179
false, xrefs: 00007FF8A7C0A180
%-15s , xrefs: 00007FF8A7C099B0

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strcmp
String ID: %-15s $auto$false$true
API String ID: 1004003707-1025821387
Opcode ID: fb3527bd10113371e98a9a1ec61775ec9984070070ae132d8b4dc0cee117fe9d
Instruction ID: 5977a4676dc461ac74f357ac18f31479f61afa7560930f4ec31b7c29e2f52a8d
Opcode Fuzzy Hash: fb3527bd10113371e98a9a1ec61775ec9984070070ae132d8b4dc0cee117fe9d
Instruction Fuzzy Hash: EF312931A0A682B6EB618F11A1457FE2364FB807C5F444036DB8D47A95DF3CF992E780

Function 00007FF8A7C97400 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF8A7C97418
ReleaseSemaphore.KERNEL32 ref: 00007FF8A7C97446
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7C97453
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7C97473
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7C97498

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$Leave$EnterReleaseSemaphore
String ID:
API String ID: 2813224205-0
Opcode ID: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
Instruction ID: 2cdb3774f0888883a9988f1f358a0daaf70b5c3764e24fe1ed196637b9d49f10
Opcode Fuzzy Hash: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
Instruction Fuzzy Hash: 1901F533F0652692EB469F26BC812699280FF99BE6F84963ACD1D42750ED3C98C29700

Function 00007FF8BFB639E6 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A11
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A2C
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A47
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A62
av_channel_layout_subset.AVUTIL-58 ref: 00007FF8BFB63A81

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_subset
String ID:
API String ID: 2965862492-0
Opcode ID: ffdd762dd7e7d539b56224ab97a8e7a7bb2a5354903c6b430eecf0b001850afc
Instruction ID: 0fc35d34a2f8b9f48963bf41a44535d5327b8b2e9fb9a6270dcf069bb7a782aa
Opcode Fuzzy Hash: ffdd762dd7e7d539b56224ab97a8e7a7bb2a5354903c6b430eecf0b001850afc
Instruction Fuzzy Hash: 7F115806F5B302A0FE595AA8844A37DB3D26F847C0F5CA438CB0F0A7C5EE2EE914C650

Function 00007FF8BFBA5BA0 Relevance: 7.5, APIs: 5, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF8BFBA5BAC
OpenProcess.KERNEL32 ref: 00007FF8BFBA5BC0
GetLastError.KERNEL32 ref: 00007FF8BFBA5BCB
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA5BE1
CloseHandle.KERNEL32 ref: 00007FF8BFBA5BF7

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Process$CloseCurrentErrorHandleLastOpen_errno
String ID:
API String ID: 202612177-0
Opcode ID: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
Instruction ID: bfc40cacb0e7fc4d1df833ae8ef0ff06eeae33e000e00eff2a1c73e454a41cd7
Opcode Fuzzy Hash: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
Instruction Fuzzy Hash: FBF01264F0560747FB295BE998943352391AF48792F845438CB2E86BD0DE6CEDE98710

Function 00007FF8A7BF4910 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 306stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7BF494B
_aligned_free.MSVCRT ref: 00007FF8A7BF4E0E

Strings

d, xrefs: 00007FF8A7BF49CB
Invalid chars '%s' at the end of expression '%s', xrefs: 00007FF8A7BF4A7D

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_freestrlen
String ID: Invalid chars '%s' at the end of expression '%s'$d
API String ID: 1887580107-3215087449
Opcode ID: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
Instruction ID: 455e391a3b678c1f6062cbe6af7e303c85811717a754a12f3eaaa2af03e41094
Opcode Fuzzy Hash: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
Instruction Fuzzy Hash: 62E1067660AA4691DF50DF1AE4902AE67B0FBC5BC0F105032EB8E47BA6DF6DD842D740

Function 00007FF8BFB53C60 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 204COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8BFB53EFB

Strings

src/libswresample/audioconvert.c, xrefs: 00007FF8BFB53ED0
Assertion %s failed at %s:%d, xrefs: 00007FF8BFB53EE7
ctx->channels == out->ch_count, xrefs: 00007FF8BFB53ED7

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$ctx->channels == out->ch_count$src/libswresample/audioconvert.c
API String ID: 4206212132-1145592257
Opcode ID: 866e3859ebfbb8229919b961fbf36017d54387b83d359a5ec9b00af1929c4d7d
Instruction ID: fbeae8640aec95ce604382149e00a276e9fb86dc1260319f59b7ed5ced6edcbc
Opcode Fuzzy Hash: 866e3859ebfbb8229919b961fbf36017d54387b83d359a5ec9b00af1929c4d7d
Instruction Fuzzy Hash: F661E273B1825686EA64CA8AD464B7973A6FF58BC4F498135CF0D07B90EE3CF4518700

Function 00007FF8BFB5AFA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 193COMMON

Download Yara Rule

Strings

Failed to compensate for timestamp delta of %f, xrefs: 00007FF8BFB5B250
compensating audio timestamp drift:%f compensation:%d in:%d, xrefs: 00007FF8BFB5B181

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID: Failed to compensate for timestamp delta of %f$compensating audio timestamp drift:%f compensation:%d in:%d
API String ID: 0-3137371971
Opcode ID: 9453577323ccaac385d38161161e3fdd902f05c07b8afe89a999298048375f23
Instruction ID: 7d518fcee4d4e356ebf2a54387758688e1dcb75ea60347aa2558be36df8dac44
Opcode Fuzzy Hash: 9453577323ccaac385d38161161e3fdd902f05c07b8afe89a999298048375f23
Instruction Fuzzy Hash: F1713922E1979A81EA528F7A5411379A364AF99FC8F0DC332DF0D67394EF3CB5818210

Function 00007FF8BFB84044 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB841C3

Strings

csm, xrefs: 00007FF8BFB841FD
, xrefs: 00007FF8BFB84114
csm, xrefs: 00007FF8BFB84093

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: $csm$csm
API String ID: 4206212132-1512788406
Opcode ID: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
Instruction ID: faade396d2b35e33dd69e20979e8f05f9c4a2f9f4108ca993e3d704a9d3d2502
Opcode Fuzzy Hash: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
Instruction Fuzzy Hash: 1B719D32A08691C6DB689FA994507B97BA1FB95BC8F148136DF8C07A8ACB3CD491C741

Function 00007FF8BFB83E1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB83F13
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF8BFB83F23

Strings

csm, xrefs: 00007FF8BFB83E66
csm, xrefs: 00007FF8BFB83F75

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Frameabort$EmptyHandler3::StateUnwind
String ID: csm$csm
API String ID: 4108983575-3733052814
Opcode ID: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
Instruction ID: 026dec830c188771ae41d1273138dbca89e8d0415f1fd6593ccf698e119f80a3
Opcode Fuzzy Hash: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
Instruction Fuzzy Hash: 25516C33908682C6EB748F9AA44426977A0FB94BD5F184136DB9D47BD6CF3CE461C740

Function 00007FF8A7C215C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 122COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C21747

Strings

src/libavutil/slicethread.c, xrefs: 00007FF8A7C2171C
nb_jobs > 0, xrefs: 00007FF8A7C21723
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C21733

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$nb_jobs > 0$src/libavutil/slicethread.c
API String ID: 4206212132-1031856425
Opcode ID: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
Instruction ID: 533094313a4d15c9a42a8f1989e2883cb9bbdd8e5a8c04054a37729a3c196c64
Opcode Fuzzy Hash: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
Instruction Fuzzy Hash: 5041AD36A06A02A7EB64DF1AE40066EB7A1FB84BD8F588135DE4D03654DF3DE542D780

Function 00007FF8A7BE5FB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7BE5FC9
strspn.MSVCRT ref: 00007FF8A7BE6030
strspn.MSVCRT ref: 00007FF8A7BE60B6

Strings

, xrefs: 00007FF8A7BE5FEA, 00007FF8A7BE60A3

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strspn$strlen
String ID:
API String ID: 697951671-596783616
Opcode ID: c2f3e75c8f79a9c271b989593eea45416c26161b9ab45691b9c7843e23effee5
Instruction ID: d1301a8d56fb1a5fe3d3b172f6073908e622d88fb24a1a74b5b73145d63f3c92
Opcode Fuzzy Hash: c2f3e75c8f79a9c271b989593eea45416c26161b9ab45691b9c7843e23effee5
Instruction Fuzzy Hash: C13190B1A0E2A264EB568F11566027D5AA2EF05BCCF484071DE5D5B3C7EE2DE443A300

Function 00007FF8A7C08990 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FF8A7C08A4A

Strings

Value %d for parameter '%s' out of %s format range [%d - %d], xrefs: 00007FF8A7C08ADA
Unable to parse option value "%s" as %s, xrefs: 00007FF8A7C08A79
none, xrefs: 00007FF8A7C089B2

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: Unable to parse option value "%s" as %s$Value %d for parameter '%s' out of %s format range [%d - %d]$none
API String ID: 76114499-2908652078
Opcode ID: 3dc9da589c42dd02856a593b1258d03a0b292f87372d4db75a7a8f83acead3ae
Instruction ID: 1b52b3dc465e3ea912593d4ee65ce572fb23baca4fbe04d7f6950f006c93c3f3
Opcode Fuzzy Hash: 3dc9da589c42dd02856a593b1258d03a0b292f87372d4db75a7a8f83acead3ae
Instruction Fuzzy Hash: AC312A22B0EA82A5E7618F31680067E6291EB857E4F10C331EE5D53FD4DF3CE5929B80

Function 00007FF8BFB8A714 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A778

Strings

%lf, xrefs: 00007FF8BFB8A7BE

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: NameName::
String ID: %lf
API String ID: 1333004437-2891890143
Opcode ID: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
Instruction ID: d2aa59a95ba348ae2eb96ea084b58970d97aa0de1da66ed5d38dfff3fa423e91
Opcode Fuzzy Hash: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
Instruction Fuzzy Hash: 2131A43690CA8595EB20CFA8E85127AB765FBC9BC4F448235EB9E47646DF3CE501C740

Function 00007FF8A7BFD880 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strtol.MSVCRT ref: 00007FF8A7BFD8AF

Strings

Using CUDA primary device context, xrefs: 00007FF8A7BFD8E0
primary_ctx, xrefs: 00007FF8A7BFD889
Disabling use of CUDA primary device context, xrefs: 00007FF8A7BFD8B8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strtol
String ID: Disabling use of CUDA primary device context$Using CUDA primary device context$primary_ctx
API String ID: 76114499-1919470267
Opcode ID: 3c091e27e2dbc98c8e65e12db3f15324b02cb9e40d48561a3b36329f0690444e
Instruction ID: e2ef5e22fe581f9dc831c5e48f09e4c7d6a458590105100341a434b140034c93
Opcode Fuzzy Hash: 3c091e27e2dbc98c8e65e12db3f15324b02cb9e40d48561a3b36329f0690444e
Instruction Fuzzy Hash: 6EF0BEA5F0B602B0FB54AF66A4296BD1211EF86BD1FC06432DC0D4A7E2DD3CE042E300

Function 00007FF8BFB82400 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8243E

Strings

MOC, xrefs: 00007FF8BFB82418
csm, xrefs: 00007FF8BFB82420
RCC, xrefs: 00007FF8BFB82410

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abortterminate
String ID: MOC$RCC$csm
API String ID: 661698970-2671469338
Opcode ID: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
Instruction ID: a0774adaa420c87953666972b9ea45e83bc8bcc30b06e39ebe77d05732468535
Opcode Fuzzy Hash: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
Instruction Fuzzy Hash: BBF0FF3A91864685EB505FA9E2810693765FBC8B84F099476DB5807653CF3CD890C651

Function 00007FF8A7BE9960 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7BE99A4

Strings

buf, xrefs: 00007FF8A7BE9980
Assertion %s failed at %s:%d, xrefs: 00007FF8A7BE9990
src/libavutil/buffer.c, xrefs: 00007FF8A7BE9979

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$buf$src/libavutil/buffer.c
API String ID: 4206212132-2693306993
Opcode ID: 6a1729c8ae82779914f64dfb9c10cf82327e2bfa5a8fbcb130779104fee64848
Instruction ID: d497058eebae1f2f5431c43941f42f43539e3ed895b1b0d0a0793a37101191d7
Opcode Fuzzy Hash: 6a1729c8ae82779914f64dfb9c10cf82327e2bfa5a8fbcb130779104fee64848
Instruction Fuzzy Hash: CCE06D76A0AA06E1EB159F65E4000AD27A1FF88784F948136DA4C433B0DF3CE106D704

Function 00007FF8BFB8E9E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

__C_specific_handler.LIBVCRUNTIME ref: 00007FF8BFB8E9F0

Part of subcall function 00007FF8BFB8EC30: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF8BFB8ECF0
Part of subcall function 00007FF8BFB8EC30: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FF8BFB8E9F5), ref: 00007FF8BFB8ED3F

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB8EA1A

Strings

csm, xrefs: 00007FF8BFB8E9FB
f, xrefs: 00007FF8BFB8E9F5

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: C_specific_handlerCurrentImageNonwritableUnwindabortterminate
String ID: csm$f
API String ID: 2451123448-629598281
Opcode ID: c9fb23446a5b638453e0304dd207887769bfaeb8010eb75ee95ffcfd07f137de
Instruction ID: ffdc250335e1efb96b3420e1bb4df510b76b3db3ecb31a25136871b0e8f01f6d
Opcode Fuzzy Hash: c9fb23446a5b638453e0304dd207887769bfaeb8010eb75ee95ffcfd07f137de
Instruction Fuzzy Hash: 28E06D36D1828281EB206BE9B18113D27A5BF95BD4F148039DB4807687CE3CE8A0C641

Function 00007FF8A7C07500 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7C0752F

Strings

src/libavutil/mem.c, xrefs: 00007FF8A7C07504
val || !min_size, xrefs: 00007FF8A7C0750F
Assertion %s failed at %s:%d, xrefs: 00007FF8A7C07516

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$src/libavutil/mem.c$val || !min_size
API String ID: 4206212132-3343232236
Opcode ID: 9f2d832eee8a386a6791954090d46eb0d2479cb7aefd3148675639f8814a35ca
Instruction ID: b0f14920ce32e1f8a7e0921cfd564ff54e0811e513030dc512ab483dc7234c61
Opcode Fuzzy Hash: 9f2d832eee8a386a6791954090d46eb0d2479cb7aefd3148675639f8814a35ca
Instruction Fuzzy Hash: C0E0466190AA42B1E710AF50A8002FD3B71FB88384F808636E54E26A60CF3CA206D724

Function 00007FF8A7BF55A0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 12COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7BF55CF

Strings

src/libavutil/fifo.c, xrefs: 00007FF8A7BF55A4
Assertion %s failed at %s:%d, xrefs: 00007FF8A7BF55B6
cur_size >= size, xrefs: 00007FF8A7BF55AF

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$cur_size >= size$src/libavutil/fifo.c
API String ID: 4206212132-2007657860
Opcode ID: 88a5e5efd281f7ab3c7b4b2a72e72c85cd5da5ff7f8b021ecd333fd393f9dcb8
Instruction ID: 78415e82ad248282eba9cf7ba3e6c9a5fa55ad77aca51bf1bcdaae3a9a9ca19e
Opcode Fuzzy Hash: 88a5e5efd281f7ab3c7b4b2a72e72c85cd5da5ff7f8b021ecd333fd393f9dcb8
Instruction Fuzzy Hash: 01D0123290A956E5E314EF50A4122FD67A2FB48384F804576D54D13262CF3CD105D784

Function 00007FF8BFB89CC0 Relevance: 6.2, APIs: 4, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C459
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C492
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89E19
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89E78
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89EAA
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89EBA

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
Instruction ID: 0f940d71045aad1eb60dda49bd35a46817eb2b419a99c94bcdf52cedb3b94dd1
Opcode Fuzzy Hash: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
Instruction Fuzzy Hash: 73915E62E0875699FB118BE8D8413BC3BB1BB94B88F548039DF4E5769ADF7CA845C340

Function 00007FF8BFB8A44C Relevance: 6.1, APIs: 4, Instructions: 134COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00007FF8BFB8A4F1
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A501
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A51E
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8A553

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID:
API String ID: 168861036-0
Opcode ID: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
Instruction ID: bc6dc597271701b998f807160e2c15e3beb9fd51ba989bd6daae0876db1a0b44
Opcode Fuzzy Hash: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
Instruction Fuzzy Hash: 48517972E18A56A8E710CFA8E8413BC77A5BB85B88F548135DB0E1779ADF3DE481C340

Function 00007FF8BFBA3BE0 Relevance: 6.1, APIs: 4, Instructions: 126synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF8BFBA3C3E
ResetEvent.KERNEL32 ref: 00007FF8BFBA3C8E
WaitForSingleObject.KERNEL32 ref: 00007FF8BFBA3D0F

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ObjectSingleWait$EventReset
String ID:
API String ID: 466820088-0
Opcode ID: 23d1a419ce0311e38330c9e7fff77312c1ba9e2a20c5924deb88d3609af00be2
Instruction ID: 42864604935c4123fecfc7ea0ce021d9d9ac74849b2da8ac78a119f5f2f991ad
Opcode Fuzzy Hash: 23d1a419ce0311e38330c9e7fff77312c1ba9e2a20c5924deb88d3609af00be2
Instruction Fuzzy Hash: FE416D33B08682C2EB55DF69E4402AE73A1EB84BC4F484035EB9D47A99EF3DD955CB40

Function 00007FF8A7BE1010 Relevance: 6.1, APIs: 4, Instructions: 124sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FF8A7BE105D
_amsg_exit.MSVCRT ref: 00007FF8A7BE1086

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Sleep_amsg_exit
String ID:
API String ID: 1015461914-0
Opcode ID: 3224bf86eb5cef696b33d2aba6a83138660028b8981cd15249a10f7ce29e597b
Instruction ID: 518153e9bc186585ea2ac767f8c681087bd4cd639590003dcc9ea6d97d75025f
Opcode Fuzzy Hash: 3224bf86eb5cef696b33d2aba6a83138660028b8981cd15249a10f7ce29e597b
Instruction Fuzzy Hash: 974190B2F0B54AA5F7529F16E96027D22A1EF847C4F644036CE1C573A1EE3CE882B301

Function 00007FF8BFB51010 Relevance: 6.1, APIs: 4, Instructions: 124sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FF8BFB5105D
_amsg_exit.MSVCRT ref: 00007FF8BFB51086

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Sleep_amsg_exit
String ID:
API String ID: 1015461914-0
Opcode ID: b553eb0038be5d07e6e415a4f5416fb2498995f0916b4543aad5407793640784
Instruction ID: 2320c2dd9df4a83468906a467fc3053bfd429c3e31bdbaa98591c38f243dd764
Opcode Fuzzy Hash: b553eb0038be5d07e6e415a4f5416fb2498995f0916b4543aad5407793640784
Instruction Fuzzy Hash: B0416932F0968295FA528B9EE97127963A5EF887D4F884032DF0C47394DE3CF8819341

Function 00007FF8A7BE66B0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7BE66D8
strchr.MSVCRT ref: 00007FF8A7BE670F
strlen.MSVCRT ref: 00007FF8A7BE67FB

Strings

ALL, xrefs: 00007FF8A7BE66F8

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchr
String ID: ALL
API String ID: 3013107155-2914988887
Opcode ID: fcefe4586e90ed2a4975fb323870bf9105dc7dc9ba43fdb0f7cef785815bcb23
Instruction ID: 28003633ccd26b2ed30e52333e67425bb23a58e4168a2ebded8f6c1bb61b4155
Opcode Fuzzy Hash: fcefe4586e90ed2a4975fb323870bf9105dc7dc9ba43fdb0f7cef785815bcb23
Instruction Fuzzy Hash: A83125B6B0B06160FF66CD316A34B7D49929B467D8F494830CE1917BC5EA7CAC87A300

Function 00007FF8BFBA1CF0 Relevance: 6.1, APIs: 4, Instructions: 102threadCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFBA1D5C
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA1DDB
ResumeThread.KERNEL32 ref: 00007FF8BFBA1E0A

Part of subcall function 00007FF8BFBA56D0: CloseHandle.KERNEL32 ref: 00007FF8BFBA5775
Part of subcall function 00007FF8BFBA56D0: CloseHandle.KERNEL32 ref: 00007FF8BFBA5785

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFBA1E42

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseHandle$ResumeThread_beginthreadexfreemalloc
String ID:
API String ID: 1141387253-0
Opcode ID: 66f779a04675420d10c3e0e1a40261c3780ffcd5451449fc6e1faf9f36e06287
Instruction ID: adb5b4b273f7d4821030ea0aadc3fb8010b88b015c409e41575a7ee180dfe3de
Opcode Fuzzy Hash: 66f779a04675420d10c3e0e1a40261c3780ffcd5451449fc6e1faf9f36e06287
Instruction Fuzzy Hash: E441E232A08B8586E7A18F59E4006AAB3A0FF98BD4F549130EF8D03B54EF3CD951CB40

Function 00007FF8BFBA1AE0 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ed3023e85355d8c7d662a5ea9ebd51d1dc57e461f8a813a7e81e918f6af5b3
Instruction ID: c5bf6fddf33dbb7d7064e7e14b991c7c636a037742b4ff62255f36f921a75317
Opcode Fuzzy Hash: a5ed3023e85355d8c7d662a5ea9ebd51d1dc57e461f8a813a7e81e918f6af5b3
Instruction Fuzzy Hash: 10416B76A08B0686EB51DF99A84013973A5FF88BD0B989435CF4D437A4EF3CE856CB00

Function 00007FF8BFBA1790 Relevance: 6.1, APIs: 4, Instructions: 96threadsynchronizationinjectionCOMMON

Download Yara Rule

APIs

SuspendThread.KERNEL32 ref: 00007FF8BFBA1845
WaitForSingleObject.KERNEL32 ref: 00007FF8BFBA1850
ResumeThread.KERNEL32 ref: 00007FF8BFBA188E

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Thread$ObjectResumeSingleSuspendWait
String ID:
API String ID: 879609812-0
Opcode ID: e0952a9e7b9d2dd58eff9cf88d52fd7236f715f562f819b9b31cf785f32f6f21
Instruction ID: 207e47eccf29379d47344cedd6975a44dd94930060bf8835a640f5d4e3620f72
Opcode Fuzzy Hash: e0952a9e7b9d2dd58eff9cf88d52fd7236f715f562f819b9b31cf785f32f6f21
Instruction Fuzzy Hash: 43418032A0858582FB618F69E0413BD73A1FF94B98F549131DB4D47699DF3CE989CB40

Function 00007FF8A7C96900 Relevance: 6.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

IsDBCSLeadByteEx.KERNEL32 ref: 00007FF8A7C9695A
MultiByteToWideChar.KERNEL32 ref: 00007FF8A7C9699A

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Byte$CharLeadMultiWide
String ID:
API String ID: 2561704868-0
Opcode ID: 1a996603528365f6f637cd234a293156ba757802906f7287cb03bbb997d6b298
Instruction ID: e17681d39c7f85a3fdb1ffaff0833d93b4b0a8574c4d3bff5a87b552f1fa15b7
Opcode Fuzzy Hash: 1a996603528365f6f637cd234a293156ba757802906f7287cb03bbb997d6b298
Instruction Fuzzy Hash: 1B3104B2A0DA81C6E3A08F24F42036D76A0FB857D4F548231EAE8A77C4DF3DD5809B00

Function 00007FF8BFB8C87C Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C459
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C492
Part of subcall function 00007FF8BFB8C3C8: DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C7BB

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C8F7
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C906
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C982
DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB8C991

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID:
API String ID: 2943138195-0
Opcode ID: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
Instruction ID: d06f21f864826966cc72f150ea8c4e5e341a0fac5771a52dd55e028f12252c3f
Opcode Fuzzy Hash: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
Instruction Fuzzy Hash: 184128B2A08B9589FB02CFA8D8813AC77B0FB94B88F548029DB4D5779ADF7C9541C710

Function 00007FF8A7C9BF60 Relevance: 6.1, APIs: 4, Instructions: 84timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A7C9BF93
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF8A7C9BFF9
_errno.MSVCRT ref: 00007FF8A7C9C056
_errno.MSVCRT ref: 00007FF8A7C9C083

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Time$FileSystem_errno
String ID:
API String ID: 3586254970-0
Opcode ID: 49a1365162b2beb6e2a3ccfb8f5b0d34ed3bda1431d8c2c1350c42e5770df44f
Instruction ID: 8a36f4524a78bebce3a2e485db3e74859eb3d84b896300895fbe153ad5f2fb56
Opcode Fuzzy Hash: 49a1365162b2beb6e2a3ccfb8f5b0d34ed3bda1431d8c2c1350c42e5770df44f
Instruction Fuzzy Hash: 5B31C223B0AA4A97EFA58F35EE4017D6691EB94BD4F589231DD1D477E4EE3CE4009200

Function 00007FF8BFBA2670 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 199528771ef270659c4c603ab843dedc8cd56cbcb61e71196821b80f414cc4d2
Instruction ID: 128e7d96f72da1ad62b91e2aa13d58dfe5c2f80784d5155ed96248d618aa8cd5
Opcode Fuzzy Hash: 199528771ef270659c4c603ab843dedc8cd56cbcb61e71196821b80f414cc4d2
Instruction Fuzzy Hash: 31313836A09B41CAEB69CF99E940228B7B4FB48FD4B699039DB4D03B54DF38E950C740

Function 00007FF8A7C081C0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7C0822F
_aligned_malloc.MSVCRT ref: 00007FF8A7C08249
memset.MSVCRT ref: 00007FF8A7C0825C

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free_aligned_mallocmemset
String ID:
API String ID: 881591362-0
Opcode ID: cb9fa4dfdc566d95d76ac6a2519e6b12bbd1fac9c9e4a918d491552342bc60f3
Instruction ID: 8c238d329de5e6f8f65174c0511142bbe3d7b9f85992c7f2eeb58729dd8fbe88
Opcode Fuzzy Hash: cb9fa4dfdc566d95d76ac6a2519e6b12bbd1fac9c9e4a918d491552342bc60f3
Instruction Fuzzy Hash: CD218BA2B0AB4195FB525F65FA4036C73E1EB58BD4F488130CE5D23B95EE7C9586A300

Function 00007FF8A7C9B1F0 Relevance: 6.1, APIs: 4, Instructions: 69synchronizationCOMMON

Download Yara Rule

APIs

GetHandleInformation.KERNEL32 ref: 00007FF8A7C9B221

Part of subcall function 00007FF8A7C99840: TlsGetValue.KERNEL32 ref: 00007FF8A7C9985D

WaitForSingleObject.KERNEL32 ref: 00007FF8A7C9B27E
CloseHandle.KERNEL32(?,?,?,-00000028,?,00007FF8A7C217F6), ref: 00007FF8A7C9B290
CloseHandle.KERNEL32(?,?,?,-00000028,?,00007FF8A7C217F6), ref: 00007FF8A7C9B29C

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Handle$Close$InformationObjectSingleValueWait
String ID:
API String ID: 3336430066-0
Opcode ID: 549c524895db14aa5244f77738d71316e65da89358fac4c80a16bd5f07bf5018
Instruction ID: 7e980a150239bb34452773316254b3da70088bc522f59bbc26bc76cca17e4601
Opcode Fuzzy Hash: 549c524895db14aa5244f77738d71316e65da89358fac4c80a16bd5f07bf5018
Instruction Fuzzy Hash: C9210A22B1AE82A1FB919F51D4496FE6394EF84BE0F484A35DE2D462D2DE2CD841E344

Function 00007FF8A7C12150 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 69stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF8A7C12184

Part of subcall function 00007FF8A7BE5DA0: strlen.MSVCRT ref: 00007FF8A7BE5DF3

strlen.MSVCRT ref: 00007FF8A7C121AC
strcmp.MSVCRT ref: 00007FF8A7C121FC

Part of subcall function 00007FF8A7BE66B0: strlen.MSVCRT ref: 00007FF8A7BE66D8
Part of subcall function 00007FF8A7BE66B0: strchr.MSVCRT ref: 00007FF8A7BE670F

Strings

yuv420p, xrefs: 00007FF8A7C121DA

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strlen$strchrstrcmp
String ID: yuv420p
API String ID: 3490844034-503634524
Opcode ID: 633ea0c1e1550fd14e7121fbcdf51e94ec169c277e73b1c36fc1efad037321a4
Instruction ID: 4c71baffa9ed4eb5e31037745083341499aa6ceaecf438c4f2b82f96bb9ea063
Opcode Fuzzy Hash: 633ea0c1e1550fd14e7121fbcdf51e94ec169c277e73b1c36fc1efad037321a4
Instruction Fuzzy Hash: 3421F195F1E58270FF358E20A41137D6790EF42BE4F844272DA1E066D1EF6CE685E305

Function 00007FF8BFBA5E70 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF8BFBA1B64,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5F1E

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: 96d3de31802f6f9abf018a6055aabe2c4eb702216a45d5bc26d38f291c6951f2
Instruction ID: dcaffe2a5763d4336a5dffa5c7d49316443f909f5c2fecc951f66587484f3919
Opcode Fuzzy Hash: 96d3de31802f6f9abf018a6055aabe2c4eb702216a45d5bc26d38f291c6951f2
Instruction Fuzzy Hash: 90217F32A18B4282F764DFA9E44092A77A1FB847D0F549131EB5D43BD4EF3DE9158B00

Function 00007FF8A7BF05F0 Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

_aligned_free.MSVCRT ref: 00007FF8A7BF0678
_aligned_free.MSVCRT ref: 00007FF8A7BF0682
_aligned_free.MSVCRT ref: 00007FF8A7BF068C
_aligned_free.MSVCRT ref: 00007FF8A7BF0697

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_free
String ID:
API String ID: 2229574080-0
Opcode ID: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
Instruction ID: 918c8528e8e282531c652f5b9e1c03c67f5c12eac8c674df3ed8dd041568ffa3
Opcode Fuzzy Hash: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
Instruction Fuzzy Hash: 6711C422B0762262EF5AAF09944DA6E129AEF88BD1F010539DE4D46392DF7CDC42D3C0

Function 00007FF8BFBA58A0 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BFBA58C5

Part of subcall function 00007FF8BFBA3E30: TlsSetValue.KERNEL32 ref: 00007FF8BFBA3F19

_endthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA5929
_endthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFBA594E

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _endthreadex$Valuefree
String ID:
API String ID: 1763976194-0
Opcode ID: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
Instruction ID: 47fe2fb70e0e800a139bacb710e58f88cb4ca6981b3823c4b7be705bb9268eb6
Opcode Fuzzy Hash: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
Instruction Fuzzy Hash: F8214F32704B0182DB109F6DE89016D7360FB88BA4B241235DF6E477A5DF3DD999C700

Function 00007FF8BFBA5CF0 Relevance: 6.1, APIs: 4, Instructions: 52sleepCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF8BFBA1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5D3C

Part of subcall function 00007FF8BFBA2F10: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,00000018,00007FF8BFBA25B8), ref: 00007FF8BFBA2FFF

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF8BFBA1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5D54
Sleep.KERNEL32(?,?,?,00007FF8BFBA1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5D92
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BFBA1BA8,?,?,?,?,?,00000002,00000000,00007FF8BFBA4983), ref: 00007FF8BFBA5DA9

Memory Dump Source

Source File: 0000000B.00000002.2227771240.00007FF8BFBA1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFBA0000, based on PE: true

Associated: 0000000B.00000002.2227749170.00007FF8BFBA0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227797863.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000B.00000002.2227819325.00007FF8BFBAC000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfba0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CloseEventHandleSleep_errnofree
String ID:
API String ID: 1909294951-0
Opcode ID: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
Instruction ID: d21a5c8f228c48364a8c8cd8348019edf7b7281a8ac5ca6738877d04efaca657
Opcode Fuzzy Hash: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
Instruction Fuzzy Hash: B3115C31A08A4382EA249FA9E454A7E73A0EF44790F545431DBAE46EE1DF3CE945CB00

Function 00007FF8BFB84710 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB86710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB8239E), ref: 00007FF8BFB8671E

_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF8BFB847E6
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB84844

Strings

csm, xrefs: 00007FF8BFB848EA

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort$CreateFrameInfo
String ID: csm
API String ID: 2697087660-1018135373
Opcode ID: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
Instruction ID: 7bc1cc7452f4d0ac5b83cb7f27a53b20af2dd90039f4fd886a53c17caf4633ad
Opcode Fuzzy Hash: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
Instruction Fuzzy Hash: 83514A36A1978186E620AF69E44026E77A5FBC9BD0F140539EF8D07B56CF3CE461CB40

Function 00007FF8BFB89BAC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

DName::operator+.LIBVCRUNTIME ref: 00007FF8BFB89CAA

Strings

void , xrefs: 00007FF8BFB89C34
void, xrefs: 00007FF8BFB89C0C

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: Name::operator+
String ID: void$void
API String ID: 2943138195-3746155364
Opcode ID: ff67bb32e799e4a453516f5f2b265aba841f0c9d9f12838b8a28f15594d75a10
Instruction ID: b0e7cd1ab735b557ffa57511cdee4b5ddc9ad0fff4eb27122e2218c427f3eeb7
Opcode Fuzzy Hash: ff67bb32e799e4a453516f5f2b265aba841f0c9d9f12838b8a28f15594d75a10
Instruction Fuzzy Hash: 38310862E18B5998FB11DBA8D8410FC37B4BB88788F44413AEF4E62B5ADF389144C750

Function 00007FF8A7C8D8E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7C8D960
_errno.MSVCRT ref: 00007FF8A7C8D9C0

Strings

log, xrefs: 00007FF8A7C8D97C, 00007FF8A7C8D9DC

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: log
API String ID: 2918714741-2403297477
Opcode ID: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
Instruction ID: b96d686de30370feafab82f175e796105f87366443859c2d8ab9d9fc7b5ac706
Opcode Fuzzy Hash: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
Instruction Fuzzy Hash: 8C212422D1EE86D2F7029F24A41037F6765FFD5384F10A334E68D15599DF2DE091AB00

Function 00007FF8A7C8D4E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7C8D55C

Strings

cos, xrefs: 00007FF8A7C8D56A, 00007FF8A7C8D5BC

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: cos
API String ID: 2918714741-2662988677
Opcode ID: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
Instruction ID: 9a33d20b95d1818bbc3beb8c7f7ec42331bb80aa2455d1229e101f220481392a
Opcode Fuzzy Hash: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
Instruction Fuzzy Hash: A6210E62D1EF8982FB025F38A40027E6760EFD5348F24A335FA991559ADF3DE0D19704

Function 00007FF8A7C8E120 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8A7C8E19C

Strings

sin, xrefs: 00007FF8A7C8E1AA, 00007FF8A7C8E1FC

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: sin
API String ID: 2918714741-3083047850
Opcode ID: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
Instruction ID: 4b9051529025ea4a7aada5c8046de229e65e96325f0df4c10c8f43f2e7761ee8
Opcode Fuzzy Hash: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
Instruction Fuzzy Hash: BD210162D0EB8692FB025F34A41027F6720FFD1384F14A334FA9A2559ADF2DE5D1AB04

Function 00007FF8BFB62EC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF8BFB62F3C

Strings

cos, xrefs: 00007FF8BFB62F4A, 00007FF8BFB62F9C

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _errno
String ID: cos
API String ID: 2918714741-2662988677
Opcode ID: 3dedc7b003d8cb5d8982c9379cb08930f2b1518781c78ce34f340fed2c860ab8
Instruction ID: 7e227b67f3c167654f82b1fef40e5344e609ae8ff1b8edc2889cbfd83c9fd78a
Opcode Fuzzy Hash: 3dedc7b003d8cb5d8982c9379cb08930f2b1518781c78ce34f340fed2c860ab8
Instruction Fuzzy Hash: FC21F522D0DA8652FB025F78A44117BB321FFD5344F189235FB8D1569ADF6DE0D08604

Function 00007FF8A7BEFFF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59stringCOMMON

Download Yara Rule

APIs

strftime.MSVCRT ref: 00007FF8A7BF0061

Strings

.%06dZ, xrefs: 00007FF8A7BF0092
%Y-%m-%dT%H:%M:%S, xrefs: 00007FF8A7BF0057

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: strftime
String ID: %Y-%m-%dT%H:%M:%S$.%06dZ
API String ID: 1100141660-930656424
Opcode ID: 6197a247b2b8d8ceb3bdce396f44f74d54b797a4093b4ad4865344da7c3ecd53
Instruction ID: 6bb5afa4c074605e61cfb095c2f6b01e3d8c0c22afe46b473aeba7362cf2b7cf
Opcode Fuzzy Hash: 6197a247b2b8d8ceb3bdce396f44f74d54b797a4093b4ad4865344da7c3ecd53
Instruction Fuzzy Hash: 031125A270A64264EB608F227C009EA5611EB49BF4F885332ED7D5B7D5EE3CE042E240

Function 00007FF8BFB8604F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF8BFB863F0: RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB86434
Part of subcall function 00007FF8BFB863F0: RaiseException.KERNEL32 ref: 00007FF8BFB8647A

RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB860BF

Strings

Bad dynamic_cast!, xrefs: 00007FF8BFB86072
Access violation - no RTTI data!, xrefs: 00007FF8BFB8604F

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: FileHeader$ExceptionRaise
String ID: Access violation - no RTTI data!$Bad dynamic_cast!
API String ID: 3685223789-3176238549
Opcode ID: d06b4d24d7aa4607bffac334420f89fbd77c373aef9fdd9199db5b082a62258c
Instruction ID: 29dc32ae02688151da9f3e6a561be090f9ab8d7562356f82436813cc840d8be2
Opcode Fuzzy Hash: d06b4d24d7aa4607bffac334420f89fbd77c373aef9fdd9199db5b082a62258c
Instruction Fuzzy Hash: 73017161A29A4691EF409B9CE8915786361FFD07D4F40A431E74E076A7EF6CD905C700

Function 00007FF8BFB63940 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

av_channel_layout_describe.AVUTIL-58 ref: 00007FF8BFB63999
av_log.AVUTIL-58 ref: 00007FF8BFB639B0

Strings

Treating %s as mono, xrefs: 00007FF8BFB639A9

Memory Dump Source

Source File: 0000000B.00000002.2227411362.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true

Associated: 0000000B.00000002.2227392651.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227439652.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227461251.00007FF8BFB72000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227482039.00007FF8BFB73000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227501419.00007FF8BFB76000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000B.00000002.2227522561.00007FF8BFB77000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb50000_obs-ffmpeg-mux.jbxd

Similarity

API ID: av_channel_layout_describeav_log
String ID: Treating %s as mono
API String ID: 2946648090-2429896034
Opcode ID: 25249c404e77cebffcfa5134640f119eef46f531f346a7abaed1bc42c180491e
Instruction ID: 0301a9c1b45cf4b6ca23f2d46893d14ceee507ddc4e2c5b2ef116dfc78e0445b
Opcode Fuzzy Hash: 25249c404e77cebffcfa5134640f119eef46f531f346a7abaed1bc42c180491e
Instruction Fuzzy Hash: 3101F46270864560FB51C646F80876BB244B7467C8F848031DE888B381DE3ED08EC700

Function 00007FF8BFB863F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF8BFB86434
RaiseException.KERNEL32 ref: 00007FF8BFB8647A

Strings

csm, xrefs: 00007FF8BFB86467

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 04e89f2c23f7d49b97199698fdfbf86ccf7878464e1c577e170b006b6ea557c8
Instruction ID: 9607bbd2befaff7524da891084c84affe2e732df437acba98c10ac629ad90ad7
Opcode Fuzzy Hash: 04e89f2c23f7d49b97199698fdfbf86ccf7878464e1c577e170b006b6ea557c8
Instruction Fuzzy Hash: AC111F32618B8182EB518F59F44026977A5FB88BD4F588235DF8D07759DF3DD951C700

Function 00007FF8A7C07870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

_aligned_malloc.MSVCRT ref: 00007FF8A7C07898

Strings

Microsoft Primitive Provider, xrefs: 00007FF8A7C07872

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: _aligned_malloc
String ID: Microsoft Primitive Provider
API String ID: 175129771-4132848957
Opcode ID: 61d24a781ba67f0d1d7f4682cf0f95fd41d5d8f035c987dadc3b785e5cf7c726
Instruction ID: f46a854dad08aa1adb94040fcb688bcc8dc3f82a8f2c054e60a2545710a5b1cc
Opcode Fuzzy Hash: 61d24a781ba67f0d1d7f4682cf0f95fd41d5d8f035c987dadc3b785e5cf7c726
Instruction Fuzzy Hash: 16F0BE51F0B52620FF999B833801AB842919F48BD6D484A35DE1C6B781EC3CA882E784

Function 00007FF8A7BEDDB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON

Download Yara Rule

APIs

abort.MSVCRT ref: 00007FF8A7BEDEE3

Strings

src/libavutil/crc.c, xrefs: 00007FF8A7BEDEB8
Assertion %s failed at %s:%d, xrefs: 00007FF8A7BEDECF

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: abort
String ID: Assertion %s failed at %s:%d$src/libavutil/crc.c
API String ID: 4206212132-3600904276
Opcode ID: bba2b5a7149953d7c06390e03a8456bfcd7d5d25b4af83ad1be5f4adfa0ba47c
Instruction ID: 28ccd97c38ca1f84622a83a1db37ac4524a4eb83abc2a1ea1a56d606e57e05e4
Opcode Fuzzy Hash: bba2b5a7149953d7c06390e03a8456bfcd7d5d25b4af83ad1be5f4adfa0ba47c
Instruction Fuzzy Hash: 18E06DB1A0AA46F1EB14AF60F4452FD77A6EF48381F80863AD54C06362DE3CE205D744

Function 00007FF8A7C97F10 Relevance: 5.1, APIs: 4, Instructions: 84COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF8A7C97F57
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7C97F81

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: dbaf99fa4423a1f3adf368dfeb11cd1e5322a0253855be351de1d8e7fc337a2b
Instruction ID: a9a539bc5dec55f8fca5e35e51b0d6f68ca2e3087ca4d3504ad4c03cc53c201f
Opcode Fuzzy Hash: dbaf99fa4423a1f3adf368dfeb11cd1e5322a0253855be351de1d8e7fc337a2b
Instruction Fuzzy Hash: D9315E73A06A42D6E7C5CF31D44076E6390FB40BACF589236DE294A388DB38D955D750

Function 00007FF8A7C97DD0 Relevance: 5.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF8A7C97E17
LeaveCriticalSection.KERNEL32 ref: 00007FF8A7C97E3E

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 3daa023327df31125aad0ab46ab992fec0b38e9f634fe2131313756e927dbfc2
Instruction ID: 5a2a29f482f8fd933f2132e4eec83bf6824628686040a76fd4a8f9a14c1fa1b4
Opcode Fuzzy Hash: 3daa023327df31125aad0ab46ab992fec0b38e9f634fe2131313756e927dbfc2
Instruction Fuzzy Hash: F7317373A0AA02DEEB95CF35D40426D33A1FB44B98F588635DD2D4A788EF38D845DB50

Function 00007FF8BFB8672C Relevance: 5.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF8BFB865B9,?,?,?,?,00007FF8BFB8FB22,?,?,?,?,?), ref: 00007FF8BFB8674B
SetLastError.KERNEL32(?,?,?,00007FF8BFB865B9,?,?,?,?,00007FF8BFB8FB22,?,?,?,?,?), ref: 00007FF8BFB867D4

Memory Dump Source

Source File: 0000000B.00000002.2227563165.00007FF8BFB81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8BFB80000, based on PE: true

Associated: 0000000B.00000002.2227543809.00007FF8BFB80000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227588075.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227703058.00007FF8BFB96000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000B.00000002.2227726183.00007FF8BFB97000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8bfb80000_obs-ffmpeg-mux.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: c7aaac8a80d8b30c274ca3e3b7c59e83a4e0092024cc1b5b0b7c72c8c7be0031
Instruction ID: cdae89b67f277437b1621790ef23fdbcaa88c32460ce514c05cfa10dd52901b7
Opcode Fuzzy Hash: c7aaac8a80d8b30c274ca3e3b7c59e83a4e0092024cc1b5b0b7c72c8c7be0031
Instruction Fuzzy Hash: AA11E228E0D65682FA5497A9A8641352392AF89BE0F148A3CDF6E077D6DE3CFC51C740

Function 00007FF8A7C97B90 Relevance: 5.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,00007FF8A7C97EA7,?,?,?,?,?,?,?,?,00007FF8A7C21502), ref: 00007FF8A7C97BB6
LeaveCriticalSection.KERNEL32(?,?,00007FF8A7C97EA7,?,?,?,?,?,?,?,?,00007FF8A7C21502), ref: 00007FF8A7C97BDB
EnterCriticalSection.KERNEL32(?,?,00007FF8A7C97EA7,?,?,?,?,?,?,?,?,00007FF8A7C21502), ref: 00007FF8A7C97C0C
LeaveCriticalSection.KERNEL32(?,?,00007FF8A7C97EA7,?,?,?,?,?,?,?,?,00007FF8A7C21502), ref: 00007FF8A7C97C16

Memory Dump Source

Source File: 0000000B.00000002.2227139951.00007FF8A7BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8A7BE0000, based on PE: true

Associated: 0000000B.00000002.2227117686.00007FF8A7BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227212989.00007FF8A7CA5000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227232435.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227295708.00007FF8A7DE3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227317046.00007FF8A7DE8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DE9000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227337015.00007FF8A7DEC000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.2227370845.00007FF8A7DED000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8a7be0000_obs-ffmpeg-mux.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 3a1490edba09e3a7becc86b2e09e5672a663190b4e9fac5deeb906d35fe4d6c1
Instruction ID: fc19383e10360a1c55f5a2383730138c014b812af5248aab092162ea22075edf
Opcode Fuzzy Hash: 3a1490edba09e3a7becc86b2e09e5672a663190b4e9fac5deeb906d35fe4d6c1
Instruction Fuzzy Hash: 1001DF22B0AA65A9E765AF23AC00A2E6750FF88FE9F856031DD0D07300CD3CE441A340

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report setup.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\3bb6c0.rbs

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rqmmtlpl.sik.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xztmqe03.qoc.psm1

C:\Users\user\AppData\Local\Temp\msiE6D6.txt

C:\Users\user\AppData\Local\Temp\pssE6E9.ps1

C:\Users\user\AppData\Local\Temp\scrE6D7.ps1

C:\Users\user\AppData\Roaming\Microsoft\Installer\{33A90EB2-6231-4158-A54E-0AB7E99B8DF2}\icon_24.exe

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\BCUninstaller.exe

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\UnRar.exe

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-console-l1-2-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-debug-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l1-2-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-file-l2-1-0.dll

C:\Users\user\AppData\Roaming\Trindo Coorp Sols\Weisx App\api-ms-win-core-handle-l1-1-0.dll

Windows Analysis Report
setup.msi

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre