Windows Analysis Report
Setup.msi

Overview

General Information

Sample name: Setup.msi
Analysis ID: 1589444
MD5: 369f5b71c3c82b0236de3582fd05e537
SHA1: 7796a692f3ff9882d8839adf91b0716a8205c67e
SHA256: 669cde998d0245ceaad815e30c1ab30d8ad94011e1179b9cbb76b68cd6480429
Tags: LegionLoader, msi, RobotDropper, staticmaxepress-com, user-aachum
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Suricata IDS alerts for network traffic
AI detected suspicious sample
Bypasses PowerShell execution policy
Potentially malicious time measurement code found
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Msiexec Initiated Connection
Sigma detected: Suspicious MsiExec Embedding Parent
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected AdvancedInstaller

Classification

  • System is w10x64
  • msiexec.exe (PID: 7500 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7532 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7636 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B9833FF3F976071D408CB51D5EFABA56 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 7832 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 7840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8108 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\suriqk.bat" "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • obs-ffmpeg-mux.exe (PID: 7244 cmdline: "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe" MD5: D3CAC4D7B35BACAE314F48C374452D71)
        • conhost.exe (PID: 7224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • createdump.exe (PID: 8116 cmdline: "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe" MD5: 71F796B486C7FAF25B9B16233A7CE0CD)
      • conhost.exe (PID: 8132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source: sslproxydump.pcap, Rule: JoeSecurity_AdvancedInstaller, Description: Yara detected AdvancedInstaller, Author: Joe Security

    System Summary

    Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B9833FF3F976071D408CB51D5EFABA56, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7636, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7832, ProcessName: powershell.exe
    Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B9833FF3F976071D408CB51D5EFABA56, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7636, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7832, ProcessName: powershell.exe
    Source: Process started, Author: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B9833FF3F976071D408CB51D5EFABA56, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7636, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7832, ProcessName: powershell.exe
    Source: Network Connection, Author: frack113: Data: DestinationIp: 104.21.34.147, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 7636, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
    Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B9833FF3F976071D408CB51D5EFABA56, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7636, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 7832, ProcessName: powershell.exe
    Timestamp: 2025-01-12T15:26:26.583291+0100, SID: 2829202, Severity: 1, Classtype: A Network Trojan was detected, Source IP: 192.168.2.4, Source Port: 49730, Destination IP: 104.21.34.147, Destination Port: 443, Protocol: TCP

    AV Detection

    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 88.6% probability
    Source: C:\Windows\System32\msiexec.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC285C62-6022-4429-B008-80582989EC47}
    Source: unknown, HTTPS traffic detected: 104.21.34.147:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000007.00000000.1893352050.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: ucrtbase.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: Setup.msi, MSI50A6.tmp.1.dr, 6a2337.msi.1.dr
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: Setup.msi, MSI50A6.tmp.1.dr, 6a2337.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1903107554.00007FF63DD95000.00000004.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000A.00000000.1899791544.00007FF63DD95000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000007.00000000.1893352050.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: ucrtbase.pdbUGP source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1908817635.00007FFE1A468000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: Setup.msi, 6a2337.msi.1.dr
    Source: C:\Windows\System32\msiexec.exe, File opened: z:
    Source: C:\Windows\System32\msiexec.exe, File opened: x:
    Source: C:\Windows\System32\msiexec.exe, File opened: v:
    Source: C:\Windows\System32\msiexec.exe, File opened: t:
    Source: C:\Windows\System32\msiexec.exe, File opened: r:
    Source: C:\Windows\System32\msiexec.exe, File opened: p:
    Source: C:\Windows\System32\msiexec.exe, File opened: n:
    Source: C:\Windows\System32\msiexec.exe, File opened: l:
    Source: C:\Windows\System32\msiexec.exe, File opened: j:
    Source: C:\Windows\System32\msiexec.exe, File opened: h:
    Source: C:\Windows\System32\msiexec.exe, File opened: f:
    Source: C:\Windows\System32\msiexec.exe, File opened: b:
    Source: C:\Windows\System32\msiexec.exe, File opened: y:
    Source: C:\Windows\System32\msiexec.exe, File opened: w:
    Source: C:\Windows\System32\msiexec.exe, File opened: u:
    Source: C:\Windows\System32\msiexec.exe, File opened: s:
    Source: C:\Windows\System32\msiexec.exe, File opened: q:
    Source: C:\Windows\System32\msiexec.exe, File opened: o:
    Source: C:\Windows\System32\msiexec.exe, File opened: m:
    Source: C:\Windows\System32\msiexec.exe, File opened: k:
    Source: C:\Windows\System32\msiexec.exe, File opened: i:
    Source: C:\Windows\System32\msiexec.exe, File opened: g:
    Source: C:\Windows\System32\msiexec.exe, File opened: e:
    Source: C:\Windows\System32\cmd.exe, File opened: c:
    Source: C:\Windows\System32\msiexec.exe, File opened: a:
    Source: Yara match, File source: sslproxydump.pcap, type: PCAP
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe, Code function: 4x nop then push rbx, 10_2_00007FFDFB9446C0

    Networking

    Source: Network traffic, Suricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.4:49730 -> 104.21.34.147:443
    Source: Joe Sandbox View, IP Address: 104.21.34.147
    Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
    Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic, DNS traffic detected: DNS query: staticmaxepress.com
    Source: unknown, HTTP traffic detected: POST /updater2.php HTTP/1.1, Content-Type: application/x-www-form-urlencoded; charset=utf-8, User-Agent: AdvancedInstaller, Host: staticmaxepress.com, Content-Length: 71, Cache-Control: no-cache
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
    Source: powershell.exe, 00000003.00000002.1847271342.0000000002F16000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://crl.micro
    Source: powershell.exe, 00000003.00000002.1851435967.00000000074EA000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://crl.microsoft
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0K
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
    Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000A.00000002.1904551730.00007FFDF7D5B000.00000002.00000001.01000000.0000000A.sdmp, String found in binary or memory: http://dashif.org/guidelines/trickmode
    Source: powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://nuget.org/NuGet.exe
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://ocsp.digicert.com0C
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://ocsp.digicert.com0K
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://ocsp.digicert.com0N
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://ocsp.digicert.com0O
    Source: powershell.exe, 00000003.00000002.1847944159.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://schemas.micj
    Source: powershell.exe, 00000003.00000002.1847944159.0000000004DC1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: obs-ffmpeg-mux.exe, 0000000A.00000002.1904551730.00007FFDF7D5B000.00000002.00000001.01000000.0000000A.sdmp, String found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd
    Source: powershell.exe, 00000003.00000002.1847944159.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: http://www.digicert.com/CPS0
    Source: obs-ffmpeg-mux.exe, 0000000A.00000002.1906958855.00007FFDF9F30000.00000002.00000001.01000000.00000008.sdmp, String found in binary or memory: http://www.videolan.org/x264.html
    Source: powershell.exe, 00000003.00000002.1847944159.0000000004DC1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://aka.ms/pscore6lB
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: https://aka.ms/winui2/webview2download/Reload():
    Source: powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/License
    Source: powershell.exe, 00000003.00000002.1847944159.0000000004F16000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://github.com/Pester/Pester
    Source: powershell.exe, 00000003.00000002.1847944159.0000000005483000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://go.micro
    Source: powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://nuget.org/nuget.exe
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: https://staticmaxepress.com/updater2.phpx
    Source: obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp, String found in binary or memory: https://streams.videolan.org/upload/
    Source: Setup.msi, 6a2337.msi.1.dr, String found in binary or memory: https://www.digicert.com/CPS0
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknown, HTTPS traffic detected: 104.21.34.147:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\6a2334.msi
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI2B90.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI2C2E.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI2C7D.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI2CAD.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI2D3A.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI2D6A.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI2DAA.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI4B74.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\inprogressinstallinfo.ipi
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\SourceHash{DC285C62-6022-4429-B008-80582989EC47}
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI50A5.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI50A6.tmp
    Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\6a2337.msi
    Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\MSI2B90.tmp
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CBE2010_2_00007FFDFB8CBE20
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8F2D9010_2_00007FFDFB8F2D90
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CCCE010_2_00007FFDFB8CCCE0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8E2D2010_2_00007FFDFB8E2D20
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8C9D5010_2_00007FFDFB8C9D50
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8E4C8010_2_00007FFDFB8E4C80
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB902CC010_2_00007FFDFB902CC0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8E33E010_2_00007FFDFB8E33E0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CB38010_2_00007FFDFB8CB380
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8C13A010_2_00007FFDFB8C13A0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CC2F010_2_00007FFDFB8CC2F0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB90433010_2_00007FFDFB904330
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB90535010_2_00007FFDFB905350
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB90635010_2_00007FFDFB906350
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8C726010_2_00007FFDFB8C7260
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8EF2C010_2_00007FFDFB8EF2C0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CD21010_2_00007FFDFB8CD210
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8F116010_2_00007FFDFB8F1160
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CA1B010_2_00007FFDFB8CA1B0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CC1A010_2_00007FFDFB8CC1A0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CB15010_2_00007FFDFB8CB150
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8F30A010_2_00007FFDFB8F30A0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8E87F010_2_00007FFDFB8E87F0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB94484010_2_00007FFDFB944840
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8E682010_2_00007FFDFB8E6820
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CE82010_2_00007FFDFB8CE820
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CB79010_2_00007FFDFB8CB790
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CD70010_2_00007FFDFB8CD700
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8C173010_2_00007FFDFB8C1730
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CB6A010_2_00007FFDFB8CB6A0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB97064010_2_00007FFDFB970640
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8EC65010_2_00007FFDFB8EC650
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB90356010_2_00007FFDFB903560
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8E358010_2_00007FFDFB8E3580
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CD5C010_2_00007FFDFB8CD5C0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CB5C010_2_00007FFDFB8CB5C0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CA52010_2_00007FFDFB8CA520
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CB46010_2_00007FFDFB8CB460
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB9044D010_2_00007FFDFB9044D0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8E24D010_2_00007FFDFB8E24D0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8CE4C010_2_00007FFDFB8CE4C0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFE1322750810_2_00007FFE13227508
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFE13254B4A10_2_00007FFE13254B4A
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFE13253AA710_2_00007FFE13253AA7
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFE13248DB010_2_00007FFE13248DB0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFE132468B010_2_00007FFE132468B0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: String function: 00007FFDFB8E56C0 appears 288 times
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: String function: 00007FFE13252038 appears 32 times
    Source: avcodec-60.dll.1.dr Static PE information: Number of sections : 13 > 10
    Source: avutil-58.dll.1.dr Static PE information: Number of sections : 12 > 10
    Source: swresample-4.dll.1.dr Static PE information: Number of sections : 12 > 10
    Source: swscale-7.dll.1.dr Static PE information: Number of sections : 12 > 10
    Source: zlib.dll.1.dr Static PE information: Number of sections : 12 > 10
    Source: avformat-60.dll.1.dr Static PE information: Number of sections : 12 > 10
    Source: api-ms-win-core-handle-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-2-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
    Source: Setup.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenameDataUploader.dllF vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenameucrtbase.dllj% vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenamevcruntime140.dllT vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenamemsvcp140.dllT vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs Setup.msi
    Source: Setup.msi Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs Setup.msi
    Source: classification engine Classification label: mal68.evad.winMSI@17/88@1/1
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CML58F9.tmp
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8124:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7840:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8132:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7224:120:WilError_03
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DFAD248EFFE87007DC.TMP
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\suriqk.bat" "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe""
    Source: C:\Windows\SysWOW64\msiexec.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload
    Source: obs-ffmpeg-mux.exe String found in binary or memory: #EXT-X-START value isinvalid, it will be ignored
    Source: obs-ffmpeg-mux.exe String found in binary or memory: #EXT-X-START:
    Source: obs-ffmpeg-mux.exe String found in binary or memory: prefer to use #EXT-X-START if it's in playlist instead of live_start_index
    Source: obs-ffmpeg-mux.exe String found in binary or memory: start/stop audio
    Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Setup.msi"
    Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B9833FF3F976071D408CB51D5EFABA56
    Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe"
    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe"
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: atlthunk.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exeSection loaded: dbgcore.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: obs.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: avcodec-60.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: avutil-58.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: avformat-60.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: w32-pthreads.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: swresample-4.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeSection loaded: sspicli.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC285C62-6022-4429-B008-80582989EC47}Jump to behavior
    Source: Setup.msiStatic file information: File size 60682240 > 1048576
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000007.00000000.1893352050.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: ucrtbase.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: Setup.msi, MSI50A6.tmp.1.dr, 6a2337.msi.1.dr
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: Setup.msi, MSI50A6.tmp.1.dr, 6a2337.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1903107554.00007FF63DD95000.00000004.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000A.00000000.1899791544.00007FF63DD95000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000007.00000000.1893352050.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: ucrtbase.pdbUGP source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000A.00000002.1908817635.00007FFE1A468000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Setup.msi, 6a2337.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: Setup.msi, 6a2337.msi.1.dr
    Source: api-ms-win-core-synch-l1-2-0.dll.1.drStatic PE information: 0x8A188CB0 [Tue Jun 2 13:31:28 2043 UTC]
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8DED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,10_2_00007FFDFB8DED32
    Source: vcruntime140.dll.1.drStatic PE information: section name: _RDATA
    Source: BCUninstaller.exe.1.drStatic PE information: section name: _RDATA
    Source: createdump.exe.1.drStatic PE information: section name: _RDATA
    Source: UnRar.exe.1.drStatic PE information: section name: _RDATA
    Source: avformat-60.dll.1.drStatic PE information: section name: .xdata
    Source: avutil-58.dll.1.drStatic PE information: section name: .xdata
    Source: swresample-4.dll.1.drStatic PE information: section name: .xdata
    Source: swscale-7.dll.1.drStatic PE information: section name: .xdata
    Source: zlib.dll.1.drStatic PE information: section name: .xdata
    Source: avcodec-60.dll.1.drStatic PE information: section name: .rodata
    Source: avcodec-60.dll.1.drStatic PE information: section name: .xdata
    Source: MSI50A6.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI2B90.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI2C2E.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI2C7D.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI2CAD.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI2D3A.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI2D6A.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI2DAA.tmp.1.drStatic PE information: section name: .fptable
    Source: MSI4B74.tmp.1.drStatic PE information: section name: .fptable
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_04B9BD82 push esp; ret 3_2_04B9BD93
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\swscale-7.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4B74.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\utest.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l2-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\UnRar.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\w32-pthreads.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2C7D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-string-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-console-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\swresample-4.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2D3A.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\avcodec-60.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\avformat-60.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2D6A.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-util-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-console-l1-2-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\zlib.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI50A6.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2CAD.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2DAA.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\vcruntime140_1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\BCUninstaller.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B90.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\avutil-58.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2C2E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\msvcp140.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l1-2-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\vcruntime140.dllJump to dropped file
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exeCode function: 10_2_00007FFDFB8DB840 FreeLibrary,free,calloc,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExW,_aligned_free,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_errno,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryExA,FreeLibrary,free,wcslen,GetModuleFileNameW,_aligned_free,_aligned_free,_aligned_free,wcscpy,LoadLibraryExW,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,_aligned_free,GetSystemDirectoryW,GetSystemDirectoryW,GetSystemDirectoryW,wcscpy,LoadLibraryExW,_aligned_free,_aligned_free,_aligned_free,_aligned_free,10_2_00007FFDFB8DB840
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX
    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FFDFB8F2D90 rdtsc 10_2_00007FFDFB8F2D90
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3706
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1217
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started:
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processthreads-l1-1-1.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-memory-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-localization-l1-2-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\swscale-7.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-console-l1-2-0.dll
        C:\Windows\Installer\MSI4B74.tmp
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-datetime-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\utest.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-conio-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\zlib.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-handle-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l2-1-0.dll
        C:\Windows\Installer\MSI50A6.tmp
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-rtlsupport-l1-1-0.dll
        C:\Windows\Installer\MSI2CAD.tmp
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-convert-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\UnRar.exe
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-interlocked-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processthreads-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processenvironment-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-profile-l1-1-0.dll
        C:\Windows\Installer\MSI2DAA.tmp
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-string-l1-1-0.dll
        C:\Windows\Installer\MSI2C7D.tmp
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-heap-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-console-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-errorhandling-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-synch-l1-2-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-libraryloader-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-filesystem-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-timezone-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\vcruntime140_1.dll
        C:\Windows\Installer\MSI2D3A.tmp
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\BCUninstaller.exe
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-environment-l1-1-0.dll
        C:\Windows\Installer\MSI2B90.tmp
        C:\Windows\Installer\MSI2C2E.tmp
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-sysinfo-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-debug-l1-1-0.dll
        C:\Windows\Installer\MSI2D6A.tmp
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-synch-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-util-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-namedpipe-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\msvcp140.dll
        C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l1-2-0.dll
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe API coverage: 8.2 %
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7908 Thread sleep count: 3706 > 30
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7916 Thread sleep count: 1217 > 30
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7944 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7932 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
    Source: 6a2337.msi.1.dr Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
    Source: obs-ffmpeg-mux.exe, 0000000A.00000002.1906958855.00007FFDF9B1A000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Video @
    Source: obs-ffmpeg-mux.exe, 0000000A.00000002.1906958855.00007FFDF9A0D000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: VMware Screen Codec / VMware Video
    Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FFDFB8F2D90 Start: 00007FFDFB8F300F End: 00007FFDFB8F2E85 10_2_00007FFDFB8F2D90
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FFDFB8F2D90 rdtsc 10_2_00007FFDFB8F2D90
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe Code function: 7_2_00007FF7075C2ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00007FF7075C2ECC
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FFDFB8DED32 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress, 10_2_00007FFDFB8DED32
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\suriqk.bat" "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe""
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe Code function: 7_2_00007FF7075C3074 SetUnhandledExceptionFilter, 7_2_00007FF7075C3074
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe Code function: 7_2_00007FF7075C2984 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 7_2_00007FF7075C2984
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FF63DD93E04 SetUnhandledExceptionFilter, 10_2_00007FF63DD93E04
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FF63DD93C5C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FF63DD93C5C
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FF63DD93774 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00007FF63DD93774
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FFE1323004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00007FFE1323004C
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FFE1A466CBC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FFE1A466CBC
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FFE1A466710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00007FFE1A466710

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe"
    Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe Code function: 7_2_00007FF7075C2DA0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 7_2_00007FF7075C2DA0
    Source: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe Code function: 10_2_00007FFDFB969720 GetTimeZoneInformation,GetSystemTimeAsFileTime, 10_2_00007FFDFB969720
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
    Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
    Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
    Execution: 12 Command and Scripting Interpreter; 1 Native API; 1 PowerShell; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
    Persistence: 1 Windows Service; 1 Scripting; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
    Privilege Escalation: 1 Windows Service; 11 Process Injection; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
    Defense Evasion: 21 Masquerading; 1 Disable or Modify Tools; 21 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Timestomp; 1 DLL Side-Loading; 1 File Deletion
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
    Discovery: 2 System Time Discovery; 21 Security Software Discovery; 1 Process Discovery; 21 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 11 Peripheral Device Discovery; 13 System Information Discovery; System Owner/User Discovery; Network Sniffing
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
    Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
    Command and Control: 11 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
    [Behavior graph: ID 1589444, Sample: Setup.msi, Startdate: 12/01/2025, Architecture: WINDOWS, Score: 68]

    Source | Detection | Scanner | Label
    Setup.msi | 7% | Virustotal
    Setup.msi | 5% | ReversingLabs
    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\BCUninstaller.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\UnRar.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-console-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\avcodec-60.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\avformat-60.dll | 3% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\avutil-58.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\msvcp140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\swresample-4.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\swscale-7.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\utest.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\vcruntime140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\vcruntime140_1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\w32-pthreads.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\zlib.dll | 0% | ReversingLabs
    C:\Windows\Installer\MSI2B90.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI2C2E.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI2C7D.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI2CAD.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI2D3A.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI2D6A.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI2DAA.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI4B74.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSI50A6.tmp | 0% | ReversingLabs
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label
    https://staticmaxepress.com/updater2.php | 0% | Avira URL Cloud | safe
    https://staticmaxepress.com/updater2.phpx | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    staticmaxepress.com | 104.21.34.147 | true | true | | unknown
    Name | Malicious | Antivirus Detection | Reputation
    https://staticmaxepress.com/updater2.php | true | Avira URL Cloud: safe | unknown
    Name | Source | Malicious | Antivirus Detection | Reputation
    http://nuget.org/NuGet.exe | powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://crl.micro | powershell.exe, 00000003.00000002.1847271342.0000000002F16000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://pesterbdd.com/images/Pester.png | powershell.exe, 00000003.00000002.1847944159.0000000004F16000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://streams.videolan.org/upload/ | obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp | false | | high
    https://aka.ms/pscore6lB | powershell.exe, 00000003.00000002.1847944159.0000000004DC1000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://crl.microsoft | powershell.exe, 00000003.00000002.1851435967.00000000074EA000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000003.00000002.1847944159.0000000004F16000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://go.micro | powershell.exe, 00000003.00000002.1847944159.0000000005483000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.videolan.org/x264.html | obs-ffmpeg-mux.exe, 0000000A.00000002.1906958855.00007FFDF9F30000.00000002.00000001.01000000.00000008.sdmp | false | | high
    https://contoso.com/ | powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://nuget.org/nuget.exe | powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://contoso.com/License | powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://dashif.org/guidelines/trickmode | obs-ffmpeg-mux.exe, obs-ffmpeg-mux.exe, 0000000A.00000002.1904551730.00007FFDF7D5B000.00000002.00000001.01000000.0000000A.sdmp | false | | high
    https://contoso.com/Icon | powershell.exe, 00000003.00000002.1850006530.0000000005E2D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://schemas.micj | Setup.msi, 6a2337.msi.1.dr | false | | high
    http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd | obs-ffmpeg-mux.exe, 0000000A.00000002.1904551730.00007FFDF7D5B000.00000002.00000001.01000000.0000000A.sdmp | false | | high
    https://aka.ms/winui2/webview2download/Reload(): | Setup.msi, 6a2337.msi.1.dr | false | | high
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000003.00000002.1847944159.0000000004DC1000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://github.com/Pester/Pester | powershell.exe, 00000003.00000002.1847944159.0000000004F16000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://staticmaxepress.com/updater2.phpx | Setup.msi, 6a2337.msi.1.dr | false | Avira URL Cloud: safe | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    104.21.34.147 | staticmaxepress.com | United States | 13335 | CLOUDFLARENETUS | true
    Joe Sandbox version: 42.0.0 Malachite
    Analysis ID: 1589444
    Start date and time: 2025-01-12 15:25:19 +01:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 7m 44s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 15
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: Setup.msi
    Detection: MAL
    Classification: mal68.evad.winMSI@17/88@1/1
    EGA Information:
    • Successful, ratio: 33.3%
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 14
    • Number of non-executed functions: 274
    Cookbook Comments:
    • Found application associated with file extension: .msi
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
    • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Execution Graph export aborted for target obs-ffmpeg-mux.exe, PID 7244 because there are no executed function
    • Execution Graph export aborted for target powershell.exe, PID 7832 because it is empty
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing disassembly code.

    Time | Type | Description
    09:26:27 | API Interceptor | 5x Sleep call for process: powershell.exe modified
                                                      No context
    Match: CLOUDFLARENETUS
    Associated Sample Name / URL | Detection | Threat Name | Context
    Set-up.exe | malicious | LummaC | 172.67.139.144
    PDF-523.msi | malicious | AteraAgent | 104.18.18.106
    E6wUHnV51P.exe | malicious | DCRat | 104.21.12.142
    gem2.exe | malicious | Unknown | 104.21.64.1
    gem1.exe | malicious | CredGrabber, Meduza Stealer | 104.26.12.205
    176.113.115.170.ps1 | malicious | LummaC | 172.67.160.193
    https://accountsupporthub.es/generate/Login/ | malicious | Unknown | 104.21.90.106
    Solara.exe | malicious | Python Stealer, Exela Stealer, Xmrig | 162.159.134.233
    resembleC2.exe | malicious | Blank Grabber, Umbral Stealer | 162.159.135.232
    Bootstrapper.exe | malicious | LummaC | 172.67.219.181
    Match: 37f463bf4616ecd445d4a1937da06e19
    Associated Sample Name / URL | Detection | Threat Name | Context
    gem2.exe | malicious | Unknown | 104.21.34.147
    gem1.exe | malicious | CredGrabber, Meduza Stealer | 104.21.34.147
    1387457-38765948.15.exe | malicious | Nitol | 104.21.34.147
    1387457-38765948.15.exe | malicious | Unknown | 104.21.34.147
    build.exe | malicious | Vidar | 104.21.34.147
    zmpZMfK1b4.exe | malicious | CredGrabber, Meduza Stealer | 104.21.34.147
    ix8kxoBHDb.exe | malicious | Remcos, GuLoader | 104.21.34.147
    b0cQukXPAl.exe | malicious | LummaC | 104.21.34.147
    c7WJL1gt32.exe | malicious | GuLoader, MassLogger RAT | 104.21.34.147
    ZaRP7yvL1J.exe | malicious | MassLogger RAT | 104.21.34.147
    Match: C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\BCUninstaller.exe
    Associated Sample Name / URL | Detection | Threat Name
    setup.msi | malicious | Unknown
    u1XWB0BIju.msi | malicious | Unknown
    setup.msi | malicious | Unknown
    setup.msi | malicious | Unknown
    Setup.msi | malicious | Unknown
    6a7e35.msi | malicious | Unknown
    setup.msi | malicious | Unknown
    setup.msi | malicious | Unknown
    setup.msi | malicious | Unknown
    setup.msi | malicious | Unknown
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):19981
                                                                          Entropy (8bit):5.809367733918046
                                                                          Encrypted:false
                                                                          SSDEEP:384:V4XN7VptOHM14gDauoWdejjdldNoBhWr9/E4NFkAiA1/4zA8LPWk1kGB8N4U+wPf:VgN7VptOHm4gDauoWdejjdldNoBhWr9T
                                                                          MD5:B591A143519572A6BC3C8F03B1A6AC26
                                                                          SHA1:5805B72E6BF4CE31779E32D1E455802FEECE967B
                                                                          SHA-256:C7D1CA64382E9E79F31472AB778D80BB7050DF68F8339DE79E6687BC4C54CB4C
                                                                          SHA-512:BAA326AF713A7901C9E7CE21ABE45AF57095879DDCEB3ED196AC7CA42B743E0896B4E09D0CEC14EC5A23630E7EE773E1BB58133F95D6807EB2E1267329208943
                                                                          Malicious:false
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):1360
                                                                          Entropy (8bit):5.413197223328133
                                                                          Encrypted:false
                                                                          SSDEEP:24:3UWSKco4KmZjKbm51s4RPT6moUebIKo+mZ9t7J0gt/NK3R82r+SVbR:EWSU4xymI4RfoUeW+mZ9tK8NWR82jVbR
                                                                          MD5:1A8B62C28399515602DCA9C94C2B2490
                                                                          SHA1:384EB5E2AFB32EC137CE02833466A20048E2A689
                                                                          SHA-256:B5A234A10D8D76E65C18EA63D097512F3D53FC5739EF7A8099AC8B22FA7C9F00
                                                                          SHA-512:095BD0CB3027199DDB62FFDA863673CED39884DFE0F9B9BECDF2A1CC6674D27F8AD8D0E965C1F38E4D63140F7E0DCBCA8D443E5A48E543FE0B13DA2FF2ED5CE8
                                                                          Malicious:false
                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                          Process:C:\Windows\SysWOW64\msiexec.exe
                                                                          File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):100
                                                                          Entropy (8bit):3.0073551160284637
                                                                          Encrypted:false
                                                                          SSDEEP:3:Q0JUINRYplflrOdlVWNlANf5Yplf955:Q0JB0LJOn03ANqLN
                                                                          MD5:7A131AC8F407D08D1649D8B66D73C3B0
                                                                          SHA1:D93E1B78B1289FB51E791E524162D69D19753F22
                                                                          SHA-256:9ACBF0D3EEF230CC2D5A394CA5657AE42F3E369292DA663E2537A278A811FF5B
                                                                          SHA-512:47B6FF38B4DF0845A83F17E0FE889747A478746E1E7F17926A5CCAC1DD39C71D93F05A88E0EC176C1E5D752F85D4BDCFFB5C64125D1BA92ACC91D03D6031848D
                                                                          Malicious:true
                                                                          Preview: QuiteSes :<->:  <<:>> ExtendExpire :<->: 0 <<:>> 
                                                                          Process:C:\Windows\SysWOW64\msiexec.exe
                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):6668
                                                                          Entropy (8bit):3.5127462716425657
                                                                          Encrypted:false
                                                                          SSDEEP:96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
                                                                          MD5:30C30EF2CB47E35101D13402B5661179
                                                                          SHA1:25696B2AAB86A9233F19017539E2DD83B2F75D4E
                                                                          SHA-256:53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
                                                                          SHA-512:882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
                                                                          Malicious:true
                                                                          Preview:
                                                                            param(
                                                                              [alias("propFile")]      [Parameter(Mandatory=$true)] [string] $msiPropOutFilePath
                                                                             ,[alias("propSep")]       [Parameter(Mandatory=$true)] [string] $msiPropKVSeparator
                                                                             ,[alias("lineSep")]       [Parameter(Mandatory=$true)] [string] $msiPropLineSeparator
                                                                             ,[alias("scriptFile")]    [Parameter(Mandatory=$true)] [string] $userScriptFilePath
                                                                             ,[alias("scriptArgsFile")][Parameter(Mandatory=$false)][string] $userScriptArgsFilePath
                                                                             ,[Parameter(Mandatory=$true)]
                                                                          Process:C:\Windows\SysWOW64\msiexec.exe
                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):266
                                                                          Entropy (8bit):3.500405439723985
                                                                          Encrypted:false
                                                                          SSDEEP:6:Q1AGYNk79idK3fOlFoulk+KiV64AGIArMTlP1LlG7JidK3falnUOn03AnfGR:Q1F3Kvoq3VFVrMTQNeFUr3ZR
                                                                          MD5:A18EA6E053D5061471852A4151A7D4D0
                                                                          SHA1:AEA460891F599C4484F04A3BC5ACC62E9D5AD9F7
                                                                          SHA-256:C4EF109DD1FEF1A7E4AF385377801EEA0E7936D207EBCEBBE078BAD56FB1F4AB
                                                                          SHA-512:7530E2974622BB6649C895C062C151AC7C496CCC0BDAE4EB53C6F29888FA7B1E184026FBB39DDB5D8741378BEE969DD70B34AC7459F3387D92D21DBCFE28DC9A
                                                                          Malicious:true
                                                                          Preview:
                                                                          $skgiehg = AI_GetMsiProperty "QuiteSes"
                                                                          $oigseigj = [uint32]($skgiehg -replace 't', '')
                                                                          AI_SetMsiProperty "ExtendExpire" $oigseigj
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):310928
                                                                          Entropy (8bit):6.001677789306043
                                                                          Encrypted:false
                                                                          SSDEEP:3072:Zczkitvo4BpYN/6mBPry8TXROLdW5m4mURs9OOGC0kvxVCd7wANmSrvlPSIB0P+4:ZA4NCmBPry/N24OOjVxM7RNrrvEc0a
                                                                          MD5:147B71C906F421AC77F534821F80A0C6
                                                                          SHA1:3381128CA482A62333E20D0293FDA50DC5893323
                                                                          SHA-256:7DCD48CEF4CC4C249F39A373A63BBA97C66F4D8AFDBE3BAB196FD452A58290B2
                                                                          SHA-512:2FCD2127D9005D66431DD8C9BD5BC60A148D6F3DFE4B80B82672AFD0D148F308377A0C38D55CA58002E5380D412CE18BD0061CB3B12F4DAA90E0174144EA20C8
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: setup.msi, Detection: malicious
                                                                          • Filename: u1XWB0BIju.msi, Detection: malicious
                                                                          • Filename: setup.msi, Detection: malicious
                                                                          • Filename: setup.msi, Detection: malicious
                                                                          • Filename: Setup.msi, Detection: malicious
                                                                          • Filename: 6a7e35.msi, Detection: malicious
                                                                          • Filename: setup.msi, Detection: malicious
                                                                          • Filename: setup.msi, Detection: malicious
                                                                          • Filename: setup.msi, Detection: malicious
                                                                          • Filename: setup.msi, Detection: malicious
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):506008
                                                                          Entropy (8bit):6.4284173495366845
                                                                          Encrypted:false
                                                                          SSDEEP:6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
                                                                          MD5:98CCD44353F7BC5BAD1BC6BA9AE0CD68
                                                                          SHA1:76A4E5BF8D298800C886D29F85EE629E7726052D
                                                                          SHA-256:E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
                                                                          SHA-512:D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12224
                                                                          Entropy (8bit):6.596101286914553
                                                                          Encrypted:false
                                                                          SSDEEP:192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
                                                                          MD5:919E653868A3D9F0C9865941573025DF
                                                                          SHA1:EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
                                                                          SHA-256:2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
                                                                          SHA-512:6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12224
                                                                          Entropy (8bit):6.640081558424349
                                                                          Encrypted:false
                                                                          SSDEEP:192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
                                                                          MD5:7676560D0E9BC1EE9502D2F920D2892F
                                                                          SHA1:4A7A7A99900E41FF8A359CA85949ACD828DDB068
                                                                          SHA-256:00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
                                                                          SHA-512:F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11712
                                                                          Entropy (8bit):6.6023398138369505
                                                                          Encrypted:false
                                                                          SSDEEP:192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
                                                                          MD5:AC51E3459E8FCE2A646A6AD4A2E220B9
                                                                          SHA1:60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
                                                                          SHA-256:77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
                                                                          SHA-512:6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11720
                                                                          Entropy (8bit):6.614262942006268
                                                                          Encrypted:false
                                                                          SSDEEP:192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
                                                                          MD5:B0E0678DDC403EFFC7CDC69AE6D641FB
                                                                          SHA1:C1A4CE4DED47740D3518CD1FF9E9CE277D959335
                                                                          SHA-256:45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
                                                                          SHA-512:2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11720
                                                                          Entropy (8bit):6.654155040985372
                                                                          Encrypted:false
                                                                          SSDEEP:192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
                                                                          MD5:94788729C9E7B9C888F4E323A27AB548
                                                                          SHA1:B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
                                                                          SHA-256:ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
                                                                          SHA-512:AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):15304
                                                                          Entropy (8bit):6.548897063441128
                                                                          Encrypted:false
                                                                          SSDEEP:192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
                                                                          MD5:580D9EA2308FC2D2D2054A79EA63227C
                                                                          SHA1:04B3F21CBBA6D59A61CD839AE3192EA111856F65
                                                                          SHA-256:7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
                                                                          SHA-512:97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11712
                                                                          Entropy (8bit):6.622041192039296
                                                                          Encrypted:false
                                                                          SSDEEP:192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
                                                                          MD5:35BC1F1C6FBCCEC7EB8819178EF67664
                                                                          SHA1:BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
                                                                          SHA-256:7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
                                                                          SHA-512:9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11720
                                                                          Entropy (8bit):6.730719514840594
                                                                          Encrypted:false
                                                                          SSDEEP:192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
                                                                          MD5:3BF4406DE02AA148F460E5D709F4F67D
                                                                          SHA1:89B28107C39BB216DA00507FFD8ADB7838D883F6
                                                                          SHA-256:349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
                                                                          SHA-512:5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11720
                                                                          Entropy (8bit):6.626458901834476
                                                                          Encrypted:false
                                                                          SSDEEP:192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
                                                                          MD5:BBAFA10627AF6DFAE5ED6E4AEAE57B2A
                                                                          SHA1:3094832B393416F212DB9107ADD80A6E93A37947
                                                                          SHA-256:C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
                                                                          SHA-512:D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12232
                                                                          Entropy (8bit):6.577869728469469
                                                                          Encrypted:false
                                                                          SSDEEP:192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
                                                                          MD5:3A4B6B36470BAD66621542F6D0D153AB
                                                                          SHA1:5005454BA8E13BAC64189C7A8416ECC1E3834DC6
                                                                          SHA-256:2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
                                                                          SHA-512:84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11712
                                                                          Entropy (8bit):6.6496318655699795
                                                                          Encrypted:false
                                                                          SSDEEP:192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
                                                                          MD5:A038716D7BBD490378B26642C0C18E94
                                                                          SHA1:29CD67219B65339B637A1716A78221915CEB4370
                                                                          SHA-256:B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
                                                                          SHA-512:43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12736
                                                                          Entropy (8bit):6.587452239016064
                                                                          Encrypted:false
                                                                          SSDEEP:192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
                                                                          MD5:D75144FCB3897425A855A270331E38C9
                                                                          SHA1:132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
                                                                          SHA-256:08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
                                                                          SHA-512:295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):14280
                                                                          Entropy (8bit):6.658205945107734
                                                                          Encrypted:false
                                                                          SSDEEP:384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
                                                                          MD5:8ACB83D102DABD9A5017A94239A2B0C6
                                                                          SHA1:9B43A40A7B498E02F96107E1524FE2F4112D36AE
                                                                          SHA-256:059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
                                                                          SHA-512:B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12224
                                                                          Entropy (8bit):6.621310788423453
                                                                          Encrypted:false
                                                                          SSDEEP:96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
                                                                          MD5:808F1CB8F155E871A33D85510A360E9E
                                                                          SHA1:C6251ABFF887789F1F4FC6B9D85705788379D149
                                                                          SHA-256:DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
                                                                          SHA-512:441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11720
                                                                          Entropy (8bit):6.7263193693903345
                                                                          Encrypted:false
                                                                          SSDEEP:192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
                                                                          MD5:CFF476BB11CC50C41D8D3BF5183D07EC
                                                                          SHA1:71E0036364FD49E3E535093E665F15E05A3BDE8F
                                                                          SHA-256:B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
                                                                          SHA-512:7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12744
                                                                          Entropy (8bit):6.601327134572443
                                                                          Encrypted:false
                                                                          SSDEEP:192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
                                                                          MD5:F43286B695326FC0C20704F0EEBFDEA6
                                                                          SHA1:3E0189D2A1968D7F54E721B1C8949487EF11B871
                                                                          SHA-256:AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
                                                                          SHA-512:6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):14272
                                                                          Entropy (8bit):6.519411559704781
                                                                          Encrypted:false
                                                                          SSDEEP:192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
                                                                          MD5:E173F3AB46096482C4361378F6DCB261
                                                                          SHA1:7922932D87D3E32CE708F071C02FB86D33562530
                                                                          SHA-256:C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
                                                                          SHA-512:3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12232
                                                                          Entropy (8bit):6.659079053710614
                                                                          Encrypted:false
                                                                          SSDEEP:192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
                                                                          MD5:9C9B50B204FCB84265810EF1F3C5D70A
                                                                          SHA1:0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
                                                                          SHA-256:25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
                                                                          SHA-512:EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11200
                                                                          Entropy (8bit):6.7627840671368835
                                                                          Encrypted:false
                                                                          SSDEEP:192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
                                                                          MD5:0233F97324AAAA048F705D999244BC71
                                                                          SHA1:5427D57D0354A103D4BB8B655C31E3189192FC6A
                                                                          SHA-256:42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
                                                                          SHA-512:8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12224
                                                                          Entropy (8bit):6.590253878523919
                                                                          Encrypted:false
                                                                          SSDEEP:192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
                                                                          MD5:E1BA66696901CF9B456559861F92786E
                                                                          SHA1:D28266C7EDE971DC875360EB1F5EA8571693603E
                                                                          SHA-256:02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
                                                                          SHA-512:08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11720
                                                                          Entropy (8bit):6.672720452347989
                                                                          Encrypted:false
                                                                          SSDEEP:192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
                                                                          MD5:7A15B909B6B11A3BE6458604B2FF6F5E
                                                                          SHA1:0FEB824D22B6BEEB97BCE58225688CB84AC809C7
                                                                          SHA-256:9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
                                                                          SHA-512:D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):13760
                                                                          Entropy (8bit):6.575688560984027
                                                                          Encrypted:false
                                                                          SSDEEP:192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
                                                                          MD5:6C3FCD71A6A1A39EAB3E5C2FD72172CD
                                                                          SHA1:15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
                                                                          SHA-256:A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
                                                                          SHA-512:EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12232
                                                                          Entropy (8bit):6.70261983917014
                                                                          Encrypted:false
                                                                          SSDEEP:192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
                                                                          MD5:D175430EFF058838CEE2E334951F6C9C
                                                                          SHA1:7F17FBDCEF12042D215828C1D6675E483A4C62B1
                                                                          SHA-256:1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
                                                                          SHA-512:6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12744
                                                                          Entropy (8bit):6.599515320379107
                                                                          Encrypted:false
                                                                          SSDEEP:192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
                                                                          MD5:9D43B5E3C7C529425EDF1183511C29E4
                                                                          SHA1:07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
                                                                          SHA-256:19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
                                                                          SHA-512:C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12232
                                                                          Entropy (8bit):6.690164913578267
                                                                          Encrypted:false
                                                                          SSDEEP:192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
                                                                          MD5:43E1AE2E432EB99AA4427BB68F8826BB
                                                                          SHA1:EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
                                                                          SHA-256:3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
                                                                          SHA-512:40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11720
                                                                          Entropy (8bit):6.615761482304143
                                                                          Encrypted:false
                                                                          SSDEEP:192:dZ89WYhWFWWFYg7VWQ4eW5QLyFqnajziMOci:dZ89WYhWDnolniMOP
                                                                          MD5:735636096B86B761DA49EF26A1C7F779
                                                                          SHA1:E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
                                                                          SHA-256:5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
                                                                          SHA-512:3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12744
                                                                          Entropy (8bit):6.627282858694643
                                                                          Encrypted:false
                                                                          SSDEEP:192:R0WYhWRWWFYg7VWQ4eWLeNxUUtpwBqnajrmaaG:R0WYhWPzjqlQG
                                                                          MD5:031DC390780AC08F498E82A5604EF1EB
                                                                          SHA1:CF23D59674286D3DC7A3B10CD8689490F583F15F
                                                                          SHA-256:B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
                                                                          SHA-512:1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):15816
                                                                          Entropy (8bit):6.435326465651674
                                                                          Encrypted:false
                                                                          SSDEEP:192:JM0wd8dc9cydWYhWyWWFYg7VWQ4eW9jTXfH098uXqnajH/VCf:G0wd8xydWYhWi2bXuXlTV2
                                                                          MD5:285DCD72D73559678CFD3ED39F81DDAD
                                                                          SHA1:DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
                                                                          SHA-256:6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
                                                                          SHA-512:84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12232
                                                                          Entropy (8bit):6.5874576656353145
                                                                          Encrypted:false
                                                                          SSDEEP:192:6KNMWYhW6WWFYg7VWQ4eWSA5lJSdqnajeMh3:6KNMWYhWKiKdlaW
                                                                          MD5:5CCE7A5ED4C2EBAF9243B324F6618C0E
                                                                          SHA1:FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
                                                                          SHA-256:AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
                                                                          SHA-512:FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):13768
                                                                          Entropy (8bit):6.645869978118917
                                                                          Encrypted:false
                                                                          SSDEEP:192:CGnWlC0i5ClWYhWwWWFYg7VWQ4eWtOUtpwBqnajrmaaGN4P:9nWm5ClWYhWQ8qlQGN6
                                                                          MD5:41FBBB054AF69F0141E8FC7480D7F122
                                                                          SHA1:3613A572B462845D6478A92A94769885DA0843AF
                                                                          SHA-256:974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
                                                                          SHA-512:97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):37333152
                                                                          Entropy (8bit):6.632921864082428
                                                                          Encrypted:false
                                                                          SSDEEP:393216:LzyCmQCOCLheXbl4MEf+Eidgrpj3xO6FLzq2KHplhrX5:L5WLheXbl4MEf+HgrpjVF6PD5
                                                                          MD5:32F56F3E644C4AC8C258022C93E62765
                                                                          SHA1:06DFF5904EBBF69551DFA9F92E6CC2FFA9679BA1
                                                                          SHA-256:85AF2FB4836145098423E08218AC381110A6519CB559FF6FC7648BA310704315
                                                                          SHA-512:CAE2B9E40FF71DDAF76A346C20028867439B5726A16AE1AD5E38E804253DFCF6ED0741095A619D0999728D953F2C375329E86B8DE4A0FCE55A8CDC13946D5AD8
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):5100112
                                                                          Entropy (8bit):6.374242928276845
                                                                          Encrypted:false
                                                                          SSDEEP:49152:WBUp8DPNkkup6GAx9HEekwEfG/66xcPiw+UgAnBM+sVf9d3PWKOyz/Omlc69kXOV:WB/Z16w8idUgfT0b6LnBSpytGyodUl
                                                                          MD5:01589E66D46ABCD9ACB739DA4B542CE4
                                                                          SHA1:6BF1BD142DF68FA39EF26E2CAE82450FED03ECB6
                                                                          SHA-256:9BB4A5F453DA85ACD26C35969C049592A71A7EF3060BFA4EB698361F2EDB37A3
                                                                          SHA-512:0527AF5C1E7A5017E223B3CC0343ED5D42EC236D53ECA30D6DECCEB2945AF0C1FBF8C7CE367E87BC10FCD54A77F5801A0D4112F783C3B7E829B2F40897AF8379
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1089600
                                                                          Entropy (8bit):6.535744457220272
                                                                          Encrypted:false
                                                                          SSDEEP:24576:NFUq9wHzADwiB0Bm3k6gz0sA+wLDZyoFNRsKYw:TUdMDwIgm3kpzsNpyoFDsKYw
                                                                          MD5:3AAF57892F2D66F4A4F0575C6194F0F8
                                                                          SHA1:D65C9143603940EDE756D7363AB6750F6B45AB4E
                                                                          SHA-256:9E0D0A05B798DA5D6C38D858CE1AD855C6D68BA2F9822FA3DA16E148E97F9926
                                                                          SHA-512:A5F595D9C48B8D5191149D59896694C6DD0E9E1AF782366162D7E3C90C75B2914F6E7AFF384F4B59CA7C5A1ECCCDBF5758E90A6A2B14A8625858A599DCCA429B
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):57488
                                                                          Entropy (8bit):6.382541157520703
                                                                          Encrypted:false
                                                                          SSDEEP:768:eQ6XULhGj8TzwsoeZwVAsuEIBh8v6H3eQdFyN+yghK3m5rR8vSoQuSd:ECVbTGkiE/c+XA3g2L7S
                                                                          MD5:71F796B486C7FAF25B9B16233A7CE0CD
                                                                          SHA1:21FFC41E62CD5F2EFCC94BAF71BD2659B76D28D3
                                                                          SHA-256:B2ACB555E6D5C6933A53E74581FD68D523A60BCD6BD53E4A12D9401579284FFD
                                                                          SHA-512:A82EA6FC7E7096C10763F2D821081F1B1AFFA391684B8B47B5071640C8A4772F555B953445664C89A7DFDB528C5D91A9ADDB5D73F4F5E7509C6D58697ED68432
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:RAR archive data, v5
                                                                          Category:dropped
                                                                          Size (bytes):400302
                                                                          Entropy (8bit):7.999544013178701
                                                                          Encrypted:true
                                                                          SSDEEP:12288:JW6dkkY5GraFBgFjzg9RerVNGZsLOtg2KF:PekYWak/QR2jOtgHF
                                                                          MD5:97B570D42F85CF3F4E4CA393C6040BE8
                                                                          SHA1:F477E9C3669C5D5C9758D35B9873108F399A910B
                                                                          SHA-256:4B692B0602F2976DE5D31EB415285D9575203EE3BC3B1556A47254BE81398BDB
                                                                          SHA-512:D84D8BBBB14185E24BA2DE56F6802EFBA0E1F282D28DD57EBE088DD1BDE4B2F6685000E04B57B96DA6C6131C47422F9A1C5A009E2109003FC67B05F2C359521D
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):566704
                                                                          Entropy (8bit):6.494428734965787
                                                                          Encrypted:false
                                                                          SSDEEP:12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
                                                                          MD5:6DA7F4530EDB350CF9D967D969CCECF8
                                                                          SHA1:3E2681EA91F60A7A9EF2407399D13C1CA6AA71E9
                                                                          SHA-256:9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA
                                                                          SHA-512:1F77F900215A4966F7F4E5D23B4AAAD203136CB8561F4E36F03F13659FE1FF4B81CAA75FEF557C890E108F28F0484AD2BAA825559114C0DAA588CF1DE6C1AFAB
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):35656
                                                                          Entropy (8bit):6.370522595411868
                                                                          Encrypted:false
                                                                          SSDEEP:768:ixmeWkfdHAWcgj7Y7rEabyLcRwEpYinAMx1nyqaJ:pXUdg8jU7r4LcRZ7Hx1nyqa
                                                                          MD5:D3CAC4D7B35BACAE314F48C374452D71
                                                                          SHA1:95D2980786BC36FEC50733B9843FDE9EAB081918
                                                                          SHA-256:4233600651FB45B9E50D2EC8B98B9A76F268893B789A425B4159675B74F802AA
                                                                          SHA-512:21C8D73CC001EF566C1F3C7924324E553A6DCA68764ECB11C115846CA54E74BD1DFED12A65AF28D9B00DDABA04F987088AA30E91B96E050E4FC1A256FFF20880
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):22
                                                                          Entropy (8bit):3.879664004902594
                                                                          Encrypted:false
                                                                          SSDEEP:3:mKDDlR+7H6U:hOD6U
                                                                          MD5:D9324699E54DC12B3B207C7433E1711C
                                                                          SHA1:864EB0A68C2979DCFF624118C9C0618FF76FA76C
                                                                          SHA-256:EDFACD2D5328E4FFF172E0C21A54CC90BAF97477931B47B0A528BFE363EF7C7E
                                                                          SHA-512:E8CC55B04A744A71157FCCA040B8365473C1165B3446E00C61AD697427221BE11271144F93F853F22906D0FEB61BC49ADFE9CBA0A1F3B3905E7AD6BD57655EB8
                                                                          Malicious:false
                                                                          Preview:@echo off..Start "" %1
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):158968
                                                                          Entropy (8bit):6.4238235663554955
                                                                          Encrypted:false
                                                                          SSDEEP:1536:izN/1rbQ+rTccg/Lla75jjVBzYCDNzuDQr5whduOd7EKPuh9Aco6uAGUtQFUzcnX:8N/FQ+rejlaFhdrXORhjD6VGUtQWk
                                                                          MD5:7FB892E2AC9FF6981B6411FF1F932556
                                                                          SHA1:861B6A1E59D4CD0816F4FEC6FD4E31FDE8536C81
                                                                          SHA-256:A45A29AECB118FC1A27ECA103EAD50EDD5343F85365D1E27211FE3903643C623
                                                                          SHA-512:986672FBB14F3D61FFF0924801AAB3E9D6854BB3141B95EE708BF5B80F8552D5E0D57182226BABA0AE8995A6A6F613864AB0E5F26C4DCE4EB88AB82B060BDAC5
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):707200
                                                                          Entropy (8bit):6.610520126248797
                                                                          Encrypted:false
                                                                          SSDEEP:12288:hTl8xt5jEuhuoWZz8Rt5brZcXVEZMbYwepVQ0G6ddTD8qevJMLf50555555555mj:hZ8xt5jEuhuoWZz8Rt5brZcXVEZMbYJz
                                                                          MD5:1144E36E0F8F739DB55A7CF9D4E21E1B
                                                                          SHA1:9FA49645C0E3BAE0EDD44726138D7C72EECE06DD
                                                                          SHA-256:65F8E4D76067C11F183C0E1670972D81E878E6208E501475DE514BC4ED8638FD
                                                                          SHA-512:A82290D95247A67C4D06E5B120415318A0524D00B9149DDDD8B32E21BBD0EE4D86BB397778C4F137BF60DDD4167EE2E9C6490B3018031053E9FE3C0D0B3250E7
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):12124160
                                                                          Entropy (8bit):4.1175508751036585
                                                                          Encrypted:false
                                                                          SSDEEP:49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
                                                                          MD5:8A13CBE402E0BBF3DA56315F0EBA7F8E
                                                                          SHA1:EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
                                                                          SHA-256:7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
                                                                          SHA-512:46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
                                                                          Malicious:false
                                                                          Preview:Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Java jmod module version 1.0
                                                                          Category:dropped
                                                                          Size (bytes):51389
                                                                          Entropy (8bit):7.916683616123071
                                                                          Encrypted:false
                                                                          SSDEEP:768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
                                                                          MD5:8F4C0388762CD566EAE3261FF8E55D14
                                                                          SHA1:B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
                                                                          SHA-256:AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
                                                                          SHA-512:1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Java jmod module version 1.0
                                                                          Category:dropped
                                                                          Size (bytes):41127
                                                                          Entropy (8bit):7.961466748192397
                                                                          Encrypted:false
                                                                          SSDEEP:768:L0xH2Z5C7/c8GqFsHWShYYptTpmPSB4gTQSq4Yz1jHoAsbjX:wxH66/crqiH3tTVTsSVYz1jIAsfX
                                                                          MD5:D039093C051B1D555C8F9B245B3D7FA0
                                                                          SHA1:C81B0DAEDAB28354DEA0634B9AE9E10EE72C4313
                                                                          SHA-256:4A495FC5D119724F7D40699BB5D2B298B0B87199D09129AEC88BBBDBC279A68D
                                                                          SHA-512:334FD85ACE22C90F8D4F82886EEF1E6583184369A031DCEE6E0B6624291F231D406A2CEC86397C1B94D535B36A5CF7CB632BB9149B8518B794CBFA1D18A2478F
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Java jmod module version 1.0
                                                                          Category:dropped
                                                                          Size (bytes):113725
                                                                          Entropy (8bit):7.928841651831531
                                                                          Encrypted:false
                                                                          SSDEEP:3072:6jB5A+VPT8IdtpHAUfEzhLpIrxbt2rlnH6:6ZRTPHgU2pItshH6
                                                                          MD5:3A03EF8F05A2D0472AE865D9457DAB32
                                                                          SHA1:7204170A08115A16A50D5A06C3DE7B0ADB6113B1
                                                                          SHA-256:584D15427F5B0AC0CE4BE4CAA2B3FC25030A0CF292F890C6D3F35836BC97FA6D
                                                                          SHA-512:1702C6231DAAB27700160B271C3D6171387F89DA0A97A3725B4B9D404C94713CB09BA175DE8E78A8F0CBD8DD0DD73836A38C59CE8D1BD38B4F57771CF9536E77
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Java jmod module version 1.0
                                                                          Category:dropped
                                                                          Size (bytes):896846
                                                                          Entropy (8bit):7.923431656723031
                                                                          Encrypted:false
                                                                          SSDEEP:12288:3xz+ej0yUGnip25kAyyrAm0G4hcpbLIWFWb4YNlgWUz4u5cnLXlAVz/Q+9Ec8zCU:3cZpcryy8mp4hpSxWUQuV//yDXX
                                                                          MD5:C6FBB7D49CAA027010C2A817D80CA77C
                                                                          SHA1:4191E275E1154271ABF1E54E85A4FF94F59E7223
                                                                          SHA-256:1C8D9EFAEB087AA474AD8416C3C2E0E415B311D43BCCA3B67CBF729065065F09
                                                                          SHA-512:FDDC31FA97AF16470EA2F93E3EF206FFB217E4ED8A5C379D69C512652987E345CB977DB84EDA233B190181C6E6E65C173062A93DB3E6BB9EE7E71472C9BBFE34
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):639224
                                                                          Entropy (8bit):6.219852228773659
                                                                          Encrypted:false
                                                                          SSDEEP:12288:FgLcjQQPKZZK8aF4yBj3Fnx4DMDO8jalo:FggjQKuyDnxvOYaC
                                                                          MD5:01DACEA3CBE5F2557D0816FC64FAE363
                                                                          SHA1:566064A9CB1E33DB10681189A45B105CDD504FD4
                                                                          SHA-256:B4C96B1E5EEE34871D9AB43BCEE8096089742032C0669DF3C9234941AAC3D502
                                                                          SHA-512:C22BFE54894C26C0BD8A99848B33E1B9A9859B3C0C893CB6039F9486562C98AA4CEAB0D28C98C1038BD62160E03961A255B6F8627A7B2BB51B86CC7D6CBA9151
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):98224
                                                                          Entropy (8bit):6.452201564717313
                                                                          Encrypted:false
                                                                          SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
                                                                          MD5:F34EB034AA4A9735218686590CBA2E8B
                                                                          SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
                                                                          SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
                                                                          SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):37256
                                                                          Entropy (8bit):6.297533243519742
                                                                          Encrypted:false
                                                                          SSDEEP:384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
                                                                          MD5:135359D350F72AD4BF716B764D39E749
                                                                          SHA1:2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
                                                                          SHA-256:34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
                                                                          SHA-512:CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):53576
                                                                          Entropy (8bit):6.371750593889357
                                                                          Encrypted:false
                                                                          SSDEEP:1536:ij2SSS5nVoSiH/pOfv3Q3cY37Hx1nI6q:GhSSntiH/pOfvAf3
                                                                          MD5:E1EEBD44F9F4B52229D6E54155876056
                                                                          SHA1:052CEA514FC3DA5A23DE6541F97CD4D5E9009E58
                                                                          SHA-256:D96F2242444A334319B4286403D4BFADAF3F9FCCF390F3DD40BE32FB48CA512A
                                                                          SHA-512:235BB9516409A55FE7DDB49B4F3179BDCA406D62FD0EC1345ACDDF032B0F3F111C43FF957D4D09AD683D39449C0FFC4C050B387507FADF5384940BD973DAB159
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):144200
                                                                          Entropy (8bit):6.592048391646652
                                                                          Encrypted:false
                                                                          SSDEEP:1536:GjxOs8gLeu4iSssNiTh9Yks32X3KqVy5SmBolzXfqLROJA0o1ZXMvr7Rn6dheIOI:I34iDsG5vm4bfqFKoDmr7h2MHTtwV6K
                                                                          MD5:3A0DBC5701D20AA87BE5680111A47662
                                                                          SHA1:BC581374CA1EBE8565DB182AC75FB37413220F03
                                                                          SHA-256:D53BC4348AD6355C20F75ED16A2F4F641D24881956A7AE8A0B739C0B50CF8091
                                                                          SHA-512:4740945606636C110AB6C365BD1BE6377A2A9AC224DE6A79AA506183472A9AD0641ECC63E5C5219EE8097ADEF6533AB35E2594D6F8A91788347FDA93CDB0440E
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                          Category:dropped
                                                                          Size (bytes):172242
                                                                          Entropy (8bit):3.920583934112822
                                                                          Encrypted:false
                                                                          SSDEEP:768:v+U57GB0uPJGGbN99NvQIUfGQ9zSN75NsnKcKgM90be1ERgygKEmw:GU5IH2II/+VyKkbIEgKEv
                                                                          MD5:38EADA415479858E73B3791D1A2F2A8A
                                                                          SHA1:53972C0D6830BB51F5E324D16675FFCE7AC67A69
                                                                          SHA-256:9E5A10145DD2A9AFB76B584FFCAEB50C1A7D5C87EA9F6ECB2A70CBF6B79F58B0
                                                                          SHA-512:F244025DF4CFCC7316E70E45CE0AEEE448253A92A1EF2BCAA4B2F45FD383BE88C38D24AB2629631EEA6BDDDE98207135EE0C7DF82AC7911B6A15B7C2279FE83B
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {24FEC9C5-BDA4-4EA9-B041-0F82C468C613}, Number of Words: 10, Subject: Fira App, Author: Hypera Cisia Quero, Name of Creating Application: Fira App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Fira App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Jan 11 11:50:51 2025, Last Saved Time/Date: Sat Jan 11 11:50:51 2025, Last Printed: Sat Jan 11 11:50:51 2025, Number of Pages: 450
                                                                          Category:dropped
                                                                          Size (bytes):60682240
                                                                          Entropy (8bit):7.215725349756504
                                                                          Encrypted:false
                                                                          SSDEEP:786432:IrBQuVmrjV7eIAteQOTZboh7DaQvJZ+16ZhHNY9jyWSwXO/hdYO:IrBVmrjV7eIvQOTZbcaQvO16Zh4W3Y
                                                                          MD5:369F5B71C3C82B0236DE3582FD05E537
                                                                          SHA1:7796A692F3FF9882D8839ADF91B0716A8205C67E
                                                                          SHA-256:669CDE998D0245CEAAD815E30C1AB30D8AD94011E1179B9CBB76B68CD6480429
                                                                          SHA-512:0D0F5A40D35F1224B4FFF702876091952CB37DE8C2AB7F6F6C12905FBFF12F974AF82AE218E0895A6A8D75375D3808A4E862BD7B3973FABF6B907826B9733703
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021792
                                                                          Entropy (8bit):6.608727172078022
                                                                          Encrypted:false
                                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021792
                                                                          Entropy (8bit):6.608727172078022
                                                                          Encrypted:false
                                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021792
                                                                          Entropy (8bit):6.608727172078022
                                                                          Encrypted:false
                                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021792
                                                                          Entropy (8bit):6.608727172078022
                                                                          Encrypted:false
                                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1201504
                                                                          Entropy (8bit):6.4557937684843365
                                                                          Encrypted:false
                                                                          SSDEEP:24576:W4FsQxRqkY1ngOktwC2Tec+4VGWSlnH/YrjPWeTIUGVUrHtAkJMsFUh29BKjxw:D2QxNwCsec+4VGWSlnfYvO3UGVUrHtAg
                                                                          MD5:E83D774F643972B8ECCDB3A34DA135C5
                                                                          SHA1:A58ECCFB12D723C3460563C5191D604DEF235D15
                                                                          SHA-256:D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
                                                                          SHA-512:CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021792
                                                                          Entropy (8bit):6.608727172078022
                                                                          Encrypted:false
                                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021792
                                                                          Entropy (8bit):6.608727172078022
                                                                          Encrypted:false
                                                                          SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                          MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                          SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                          SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                          SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):380520
                                                                          Entropy (8bit):6.512348002260683
                                                                          Encrypted:false
                                                                          SSDEEP:6144:ZSXJmYiFGLzkhEFeCPGi5B8dZ6t+6bUSfcqKgAST:ZSXJ9khElPGvcttbxpAST
                                                                          MD5:FFDAACB43C074A8CB9A608C612D7540B
                                                                          SHA1:8F054A7F77853DE365A7763D93933660E6E1A890
                                                                          SHA-256:7484797EA4480BC71509FA28B16E607F82323E05C44F59FFA65DB3826ED1B388
                                                                          SHA-512:A9BD31377F7A6ECF75B1D90648847CB83D8BD65AD0B408C4F8DE6EB50764EEF1402E7ACDFF375B7C3B07AC9F94184BD399A10A22418DB474908B5E7A1ADFE263
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):191613
                                                                          Entropy (8bit):4.390096107845842
                                                                          Encrypted:false
                                                                          SSDEEP:768:7woSuhc9WTztg+U57GB0uPJGGbN99NvQIUfGQ9zSN75NsnKcKgM90be1ERgygKED:LSL9WTnU5IH2II/+VyKkbIEgKE4A
                                                                          MD5:42373389095958C2D37E9E129C2C0149
                                                                          SHA1:814B9E80B0A2337457D1DA142D666CC52F1BDAEC
                                                                          SHA-256:5482E16971E092393FA573B5803F0DD0E4C9FCBDF7BB2CF349EEF4B8927014D5
                                                                          SHA-512:3360EA95EF9823C0BBC9C18CAE7FCCBF7B9DA260D61CF62C1731A44343F518461E788D1DCB8F8E77174A58F619593A90FE9CDC33743E0A82554E40482FBB5658
                                                                          Malicious:false
                                                                          Preview:...@IXOS.@.....@NK,Z.@.....@.....@.....@.....@.....@......&.{DC285C62-6022-4429-B008-80582989EC47}..Fira App..Setup.msi.@.....@.....@.....@......icon_35.exe..&.{24FEC9C5-BDA4-4EA9-B041-0F82C468C613}.....@.....@.....@.....@.......@.....@.....@.......@......Fira App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@3....@.....@.]....&.{F39C344E-A83E-4760-8DA8-F27602095B4F};.C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\.@.......@.....@.....@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}0.21:\Software\Hypera Cisia Quero\Fira App\Version.@.......@.....@.....@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}D.C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\utest.dll.@.......@.....@.....@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}K.C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\vcruntime140.dll.@.......@.....@.....@......&.{FDDB96EE-847D-4B25-85B
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):787808
                                                                          Entropy (8bit):6.693392695195763
                                                                          Encrypted:false
                                                                          SSDEEP:24576:aE33f8zyjmfyY43pNRmkL7mh0lhSMXlEeGXDMGz+:L3fSyjmfyY43pNRp7T0eGwGz+
                                                                          MD5:8CF47242B5DF6A7F6D2D7AF9CC3A7921
                                                                          SHA1:B51595A8A113CF889B0D1DD4B04DF16B3E18F318
                                                                          SHA-256:CCB57BDBB19E1AEB2C8DD3845CDC53880C1979284E7B26A1D8AE73BBEAF25474
                                                                          SHA-512:748C4767D258BFA6AD2664AA05EF7DC16F2D204FAE40530430EF5D1F38C8F61F074C6EC6501489053195B6B6F6E02D29FDE970D74C6AE97649D8FE1FD342A288
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.161620072247468
                                                                          Encrypted:false
                                                                          SSDEEP:12:JSbX72FjiZJAGiLIlHVRpMh/7777777777777777777777777vDHFgrgp3Xl0i8Q:JY7QI5cQ66F
                                                                          MD5:3F36D6FBA10F6518F1B63ED6E11CB01B
                                                                          SHA1:5C7098BE52662252F36CE563A46033B4D045BD85
                                                                          SHA-256:185DD06447AC3228D20160C5746EF36BAA585C8C3B8AFB21D8EF4C541087F4BB
                                                                          SHA-512:BFE1892C2556CDA00E25371F868E66A82B517F95498DC86D21C6D69B7E11F8B23610703E16CA005276C8BA66BF4DC14CFF32A8B2ED74CF0F485B0042A2B65776
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.5639756660834792
                                                                          Encrypted:false
                                                                          SSDEEP:48:d8PhluRc06WXOCjT5Zpj/imiMoAECiCyfSCmjo+XOmmSCmqTZo:Ahl1UjTV/rECQuXs5
                                                                          MD5:81D416D5D898B0A9D28C6175C694EC30
                                                                          SHA1:3204A9AE6920731ACC409692482441B7FD2DC815
                                                                          SHA-256:06B68834D31DCF91015ACF77BC37041E6A7A0C605367820F253F550308A7F6AE
                                                                          SHA-512:3C7CA1FC212F4D81D9A72787C276348378E73841C8DEFDFDC76063641F9D58FB86E64FD75C42342E072F78F9A474AD2A4B635F135C2C4DAB3B32DC6C376F5CF3
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):432221
                                                                          Entropy (8bit):5.3751673853147155
                                                                          Encrypted:false
                                                                          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauH:zTtbmkExhMJCIpErQH
                                                                          MD5:1A4369CF2A5130D8BE52F08A4F402A7D
                                                                          SHA1:6B5021A15B28F4735E719DDBD1576AEE0401C736
                                                                          SHA-256:609C1DAC1655DF39809B41A9BA0D4B60FD45069C53FB0658423A80A79F58FB60
                                                                          SHA-512:2ADEBC9F756A7050CFAA6D59BD196ED28DF6F010D84FFB069E039184F0471CEEB77C8CD300F730A555E421A353D693A48C9CD8741B66170D8266E85880D9296B
                                                                          Malicious:false
                                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):512
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):1.2535367663957195
                                                                          Encrypted:false
                                                                          SSDEEP:48:GJkduNJvcFXO1T58pj/imiMoAECiCyfSCmjo+XOmmSCmqTZo:GGdfoTy/rECQuXs5
                                                                          MD5:A7705D66494C2C5510EB7AB554E65C18
                                                                          SHA1:955CC92E854FB1D2DE758F98FA521AF04403E43D
                                                                          SHA-256:EFD1C2177DB7F3CAEC3BB1CB149A97AAB3396E718764C13321F3B605D5EA5232
                                                                          SHA-512:CFC32AED273D0CF9E7D3DD13D0645CD97EC94BECC5D811F9FFAE5DD22DF92CFD68F1CABA68E43136F903B300A6588CEAD45706A75569444DBDEE08228FCC4B83
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):512
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.5639756660834792
                                                                          Encrypted:false
                                                                          SSDEEP:48:d8PhluRc06WXOCjT5Zpj/imiMoAECiCyfSCmjo+XOmmSCmqTZo:Ahl1UjTV/rECQuXs5
                                                                          MD5:81D416D5D898B0A9D28C6175C694EC30
                                                                          SHA1:3204A9AE6920731ACC409692482441B7FD2DC815
                                                                          SHA-256:06B68834D31DCF91015ACF77BC37041E6A7A0C605367820F253F550308A7F6AE
                                                                          SHA-512:3C7CA1FC212F4D81D9A72787C276348378E73841C8DEFDFDC76063641F9D58FB86E64FD75C42342E072F78F9A474AD2A4B635F135C2C4DAB3B32DC6C376F5CF3
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.06888102819197614
                                                                          Encrypted:false
                                                                          SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOJn2tN1RnyVky6l3X:2F0i8n0itFzDHFgrB3X
                                                                          MD5:CB2EA2C14EFB52BF4DD1A3EB48411FDC
                                                                          SHA1:2C3A817BBB443DD76B0DD3E9AE7C148D2FA8C788
                                                                          SHA-256:C8C0A64BAB3B8D41082737F5FDEEF2555C76555773C8D4B4D60EE0E4A53D8A24
                                                                          SHA-512:84F4B1C252C37BB5FA8A36741C404EEBDF9B8A942A2B9C61388253DB439BABC749A1E6ABDFB4819AC9DEB363420DA086FBC7576F50BC204FEB5DB24F9EBD8B40
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):73728
                                                                          Entropy (8bit):0.1371152999614467
                                                                          Encrypted:false
                                                                          SSDEEP:48:ZoaTemmSCm/miMoAECiCyfSCmjo+XM2rp:ZAxECQuXM2
                                                                          MD5:EF98DC993BC64FB87204BC78083893BA
                                                                          SHA1:D1E3130BC152984A160F3E7B43B46027D4686C8E
                                                                          SHA-256:279A1B6E4B0CC437C03D1EA99A730D365B41C21E3724AC3C5CC7A92D5E732CF3
                                                                          SHA-512:F044DB0E39F77C90CE8D1DA6D07A1E419AA4706E264E566BBFD954EE55A6CF483F93E687319174BB95F9E9A5CBEE2EE6940D4343F458F3F413B2D645E94E7491
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):1.2535367663957195
                                                                          Encrypted:false
                                                                          SSDEEP:48:GJkduNJvcFXO1T58pj/imiMoAECiCyfSCmjo+XOmmSCmqTZo:GGdfoTy/rECQuXs5
                                                                          MD5:A7705D66494C2C5510EB7AB554E65C18
                                                                          SHA1:955CC92E854FB1D2DE758F98FA521AF04403E43D
                                                                          SHA-256:EFD1C2177DB7F3CAEC3BB1CB149A97AAB3396E718764C13321F3B605D5EA5232
                                                                          SHA-512:CFC32AED273D0CF9E7D3DD13D0645CD97EC94BECC5D811F9FFAE5DD22DF92CFD68F1CABA68E43136F903B300A6588CEAD45706A75569444DBDEE08228FCC4B83
                                                                          Malicious:false
                                                                          Process:C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):638
                                                                          Entropy (8bit):4.751962275036146
                                                                          Encrypted:false
                                                                          SSDEEP:12:ku/L92WF4gx9l+jsPczo/CdaD0gwiSrlEX6OPkRVdoaQLeU4wv:ku/h5F4Bs0oCdalwisCkRVKVeU4wv
                                                                          MD5:15CA959638E74EEC47E0830B90D0696E
                                                                          SHA1:E836936738DCB6C551B6B76054F834CFB8CC53E5
                                                                          SHA-256:57F2C730C98D62D6C84B693294F6191FD2BEC7D7563AD9963A96AE87ABEBF9EE
                                                                          SHA-512:101390C5D2FA93162804B589376CF1E4A1A3DD4BDF4B6FE26D807AFC3FF80DA26EE3BAEB731D297A482165DE7CA48508D6EAA69A5509168E9CEF20B4A88A49FD
                                                                          Malicious:false
Preview:
[createdump] createdump [options] pid
-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values:
 %p PID of dumped process.
 %e The process executable filename.
 %h Hostname return by gethostname().
 %t Time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
-n, --normal - create minidump.
-h, --withheap - create minidump with heap (default).
-t, --triage - create triage minidump.
-u, --full - create full core dump.
-d, --diag - enable diagnostic messages.
-v, --verbose - enable verbose diagnostic messages.
                                                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {24FEC9C5-BDA4-4EA9-B041-0F82C468C613}, Number of Words: 10, Subject: Fira App, Author: Hypera Cisia Quero, Name of Creating Application: Fira App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Fira App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Jan 11 11:50:51 2025, Last Saved Time/Date: Sat Jan 11 11:50:51 2025, Last Printed: Sat Jan 11 11:50:51 2025, Number of Pages: 450
                                                                          Entropy (8bit):7.215725349756504
                                                                          TrID:
                                                                          • Windows SDK Setup Transform Script (63028/2) 88.73%
                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                                                                          File name:Setup.msi
                                                                          File size:60'682'240 bytes
                                                                          MD5:369f5b71c3c82b0236de3582fd05e537
                                                                          SHA1:7796a692f3ff9882d8839adf91b0716a8205c67e
                                                                          SHA256:669cde998d0245ceaad815e30c1ab30d8ad94011e1179b9cbb76b68cd6480429
                                                                          SHA512:0d0f5a40d35f1224b4fff702876091952cb37de8c2ab7f6f6c12905fbff12f974af82ae218e0895a6a8d75375d3808a4e862bd7b3973fabf6b907826b9733703
                                                                          SSDEEP:786432:IrBQuVmrjV7eIAteQOTZboh7DaQvJZ+16ZhHNY9jyWSwXO/hdYO:IrBVmrjV7eIvQOTZbcaQvO16Zh4W3Y
                                                                          TLSH:C4D77C01B3FA4148F2F75E717EBA95A5947ABD521B30C0EF1204A60E1B72BC25BB1763
                                                                          Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-12T15:26:26.583291+0100 | 2829202 | ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA | 1 | 192.168.2.4 | 49730 | 104.21.34.147 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 12, 2025 15:26:26.013346910 CET | 54722 | 53 | 192.168.2.4 | 1.1.1.1
Jan 12, 2025 15:26:26.049904108 CET | 53 | 54722 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 12, 2025 15:26:26.013346910 CET | 192.168.2.4 | 1.1.1.1 | 0xdd3f | Standard query (0) | staticmaxepress.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 12, 2025 15:26:26.049904108 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3f | No error (0) | staticmaxepress.com | | 104.21.34.147 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 15:26:26.049904108 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3f | No error (0) | staticmaxepress.com | | 172.67.162.17 | A (IP address) | IN (0x0001) | false
                                                                          • staticmaxepress.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.21.34.147 | 443 | 7636 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-12 14:26:26 UTC | 198 | OUT | POST /updater2.php HTTP/1.1
                                                                          Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                                                          User-Agent: AdvancedInstaller
                                                                          Host: staticmaxepress.com
                                                                          Content-Length: 71
                                                                          Cache-Control: no-cache
2025-01-12 14:26:26 UTC | 71 | OUT | Data Raw: 44 61 74 65 3d 31 32 25 32 46 30 31 25 32 46 32 30 32 35 26 54 69 6d 65 3d 30 39 25 33 41 32 36 25 33 41 32 35 26 42 75 69 6c 64 56 65 72 73 69 6f 6e 3d 38 2e 39 2e 39 26 53 6f 72 6f 71 56 69 6e 73 3d 54 72 75 65
                                                                          Data Ascii: Date=12%2F01%2F2025&Time=09%3A26%3A25&BuildVersion=8.9.9&SoroqVins=True
2025-01-12 14:26:27 UTC | 833 | IN | HTTP/1.1 500 Internal Server Error
                                                                          Date: Sun, 12 Jan 2025 14:26:27 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Cache-Control: no-store
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=axicupAzfZLnHLuLse1PMWgw6bGQoPM4xQQ9vuXPr3xxhpoW8EOKb3oxlHawRmVk0iPvIWrdc3MHcUOtSF%2FjfU91%2BDE3ARbMRmQCn0bvbfN6Q%2F0Qm5Zl90dlgtFvaMKsapejO26l"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 900dd2547f2143d0-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1572&rtt_var=599&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2851&recv_bytes=929&delivery_rate=1810291&cwnd=181&unsent_bytes=0&cid=f03b5d44c50b6b28&ts=534&x=0"
2025-01-12 14:26:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0



                                                                          Target ID:0
                                                                          Start time:09:26:14
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Setup.msi"
                                                                          Imagebase:0x7ff6dcee0000
                                                                          File size:69'632 bytes
                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:1
                                                                          Start time:09:26:14
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                                                          Imagebase:0x7ff6dcee0000
                                                                          File size:69'632 bytes
                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:2
                                                                          Start time:09:26:17
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\SysWOW64\msiexec.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding B9833FF3F976071D408CB51D5EFABA56
                                                                          Imagebase:0x560000
                                                                          File size:59'904 bytes
                                                                          MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:3
                                                                          Start time:09:26:26
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss512C.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi511A.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr511B.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr511C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                                                                          Imagebase:0x930000
                                                                          File size:433'152 bytes
                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:4
                                                                          Start time:09:26:26
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff7699e0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:6
                                                                          Start time:09:26:32
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\System32\cmd.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\suriqk.bat" "C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe""
                                                                          Imagebase:0x7ff62ae70000
                                                                          File size:289'792 bytes
                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:7
                                                                          Start time:09:26:32
                                                                          Start date:12/01/2025
                                                                          Path:C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\createdump.exe"
                                                                          Imagebase:0x7ff7075c0000
                                                                          File size:57'488 bytes
                                                                          MD5 hash:71F796B486C7FAF25B9B16233A7CE0CD
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Antivirus matches:
                                                                          • Detection: 0%, ReversingLabs
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:8
                                                                          Start time:09:26:32
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff7699e0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:9
                                                                          Start time:09:26:32
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff7699e0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:10
                                                                          Start time:09:26:33
                                                                          Start date:12/01/2025
                                                                          Path:C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Users\user\AppData\Roaming\Hypera Cisia Quero\Fira App\obs-ffmpeg-mux.exe"
                                                                          Imagebase:0x7ff63dd90000
                                                                          File size:35'656 bytes
                                                                          MD5 hash:D3CAC4D7B35BACAE314F48C374452D71
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Antivirus matches:
                                                                          • Detection: 0%, ReversingLabs
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:11
                                                                          Start time:09:26:33
                                                                          Start date:12/01/2025
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff7699e0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                            • API String ID:
                                                                            • Opcode ID: 14b901bf08ed6467fa71e771e6713fb1b03255c784c8338f2b6e8e4bd24dd705
                                                                            • Instruction ID: 232be534d53fa8a31067b9c5f4d8a83cb4f13388b22c920306a64f44adc62b73
                                                                            • Opcode Fuzzy Hash: 14b901bf08ed6467fa71e771e6713fb1b03255c784c8338f2b6e8e4bd24dd705
                                                                            • Instruction Fuzzy Hash: 7E014C7140E3C09ED7128B258C94B52BFB4EF43228F1DC5DBD9888F1A7C2699849C772
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.1847136720.0000000002E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E1D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_2e1d000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 836500d77004c49f1ebf4a34cfab2dbd03b35824b8835f137e5f90e4d6ed9153
                                                                            • Instruction ID: 557f55069a4fc140c0bb5c4aa7f720bcc91ff1e59cf89562cbf9c154f4de1995
                                                                            • Opcode Fuzzy Hash: 836500d77004c49f1ebf4a34cfab2dbd03b35824b8835f137e5f90e4d6ed9153
                                                                            • Instruction Fuzzy Hash: 9201D671449340AAE7108B29CDC4BA7BFD9EF41368F18C53AED584B246C779D881C6B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.1847712653.0000000004B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B90000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_4b90000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 167cde1a99ad5df47feaedf6399342953e4484730bcc8cc578713d9288a708f4
                                                                            • Instruction ID: a7598b7a8a312790ef8b019dd88066dbbc34fc0449197ca17e5d07171bab8645
                                                                            • Opcode Fuzzy Hash: 167cde1a99ad5df47feaedf6399342953e4484730bcc8cc578713d9288a708f4
                                                                            • Instruction Fuzzy Hash: 67F01270B402068FDB14DBA4C5A5B5E7BA2AB41340F105564D1019F364DB799D498BC0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.1851010855.0000000007350000.00000040.00000800.00020000.00000000.sdmp, Offset: 07350000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_7350000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 84Yk$84Yk$tP^q$tP^q$tP^q$tP^q$$^q$$^q$$^q$$^q$Qk$Qk
                                                                            • API String ID: 0-2102110628
                                                                            • Opcode ID: 22181668cafe4c0293d1d3cb645338f2fd7a022b0822537e8fa37cf2daf49563
                                                                            • Instruction ID: d8374beb338fbf883936c695cc95e60474fe4ea269993e87c35b06ca5c2433ab
                                                                            • Opcode Fuzzy Hash: 22181668cafe4c0293d1d3cb645338f2fd7a022b0822537e8fa37cf2daf49563
                                                                            • Instruction Fuzzy Hash: B3815BB1B043498FE7245B699804F6ABBE6EF85310F1880ABE849CF351DE32DC45C7A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.1851010855.0000000007350000.00000040.00000800.00020000.00000000.sdmp, Offset: 07350000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_7350000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                            • API String ID: 0-3732357466
                                                                            • Opcode ID: 2eebe1a721c0d4d36094849b8c20e767909302e96a779f9dfd81c3855b53e879
                                                                            • Instruction ID: 552905608d7e88f37e6bf6fccb715e308a0b9a94f006739ea7e605aa48337f81
                                                                            • Opcode Fuzzy Hash: 2eebe1a721c0d4d36094849b8c20e767909302e96a779f9dfd81c3855b53e879
                                                                            • Instruction Fuzzy Hash: 4F51F6B5B0430A8FFB2C4A799404A6ABBA6AFC5311F24846BDC4D8B255DA33C845C7A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.1851010855.0000000007350000.00000040.00000800.00020000.00000000.sdmp, Offset: 07350000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_7350000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4Xk$4Xk$$^q$$^q$$^q
                                                                            • API String ID: 0-1137781394
                                                                            • Opcode ID: 7df155470055f8385a080659c833ec808fd1cda29df37f06361ec3e930a7b5bb
                                                                            • Instruction ID: fd731ee3f90dea2f9ba3e401a2aa62d536b5a838d9659fcc14ab32dc91eff307
                                                                            • Opcode Fuzzy Hash: 7df155470055f8385a080659c833ec808fd1cda29df37f06361ec3e930a7b5bb
                                                                            • Instruction Fuzzy Hash: 281127F131424A8BEB2C4639D820E7776DA8BD1710B14843AED0ACB396DE37C841C3B1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.1851010855.0000000007350000.00000040.00000800.00020000.00000000.sdmp, Offset: 07350000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_7350000_powershell.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'^q$4'^q$$^q$$^q
                                                                            • API String ID: 0-2049395529
                                                                            • Opcode ID: 2c53d2b269c540f30a34702e75a44bf61bd93537de1272204af1362201210198
                                                                            • Instruction ID: 8955191e34d568dd9f02be32c2dffa970c021d7a8a2e430fb1b44194eef79fad
                                                                            • Opcode Fuzzy Hash: 2c53d2b269c540f30a34702e75a44bf61bd93537de1272204af1362201210198
                                                                            • Instruction Fuzzy Hash: 0D01A2A1B4D3890FD72F16781C305651FB25FC365035A4897D445CF297CC6A8D4A8352

                                                                            Execution Graph

                                                                            Execution Coverage:3.4%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:1.7%
                                                                            Total number of Nodes:701
                                                                            Total number of Limit Nodes:1
6 API calls 2299->2301 2305 7ff7075c12df GetLastError 2301->2305 2306 7ff7075c1450 6 API calls 2302->2306 2303 7ff7075c1344 __acrt_iob_func fflush __acrt_iob_func fflush 2309 7ff7075c1312 2303->2309 2304 7ff7075c117d strcmp 2304->2310 2305->2309 2306->2309 2309->2288 2310->2289 2310->2293 2310->2296 2310->2304 2311 7ff7075c1226 strcmp 2310->2311 2311->2310 2312 7ff7075c1239 atoi 2311->2312 2312->2310 2314 7ff7075c28ff 2313->2314 2314->2264 2314->2274 2317 7ff7075c2d31 __scrt_initialize_crt 2315->2317 2316 7ff7075c2916 2316->2265 2317->2316 2318 7ff7075c404c __scrt_initialize_crt 7 API calls 2317->2318 2318->2316 2320 7ff7075c2ef2 2319->2320 2321 7ff7075c2f11 RtlCaptureContext RtlLookupFunctionEntry 2320->2321 2322 7ff7075c2f76 2321->2322 2323 7ff7075c2f3a RtlVirtualUnwind 2321->2323 2324 7ff7075c2fa8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 2322->2324 2323->2322 2325 7ff7075c2ffa 2324->2325 2325->2262 2327 7ff7075c2bae __scrt_dllmain_crt_thread_attach 2326->2327 2327->2282 2327->2284 2329 7ff7075c4054 2328->2329 2330 7ff7075c405e 2328->2330 2334 7ff7075c44f4 2329->2334 2330->2284 2335 7ff7075c4503 2334->2335 2337 7ff7075c4059 2334->2337 2342 7ff7075c6630 2335->2342 2338 7ff7075c6460 2337->2338 2339 7ff7075c648b 2338->2339 2340 7ff7075c648f 2339->2340 2341 7ff7075c646e DeleteCriticalSection 2339->2341 2340->2330 2341->2339 2346 7ff7075c6498 2342->2346 2347 7ff7075c65b2 TlsFree 2346->2347 2353 7ff7075c64dc 2346->2353 2348 7ff7075c650a LoadLibraryExW 2350 7ff7075c6581 2348->2350 2351 7ff7075c652b GetLastError 2348->2351 2349 7ff7075c65a1 GetProcAddress 2349->2347 2350->2349 2352 7ff7075c6598 FreeLibrary 2350->2352 2351->2353 2352->2349 2353->2347 2353->2348 2353->2349 2354 7ff7075c654d LoadLibraryExW 2353->2354 2354->2350 2354->2353 2405 7ff7075c1010 2355->2405 2357 7ff7075c148a __acrt_iob_func 2408 7ff7075c1000 2357->2408 2359 7ff7075c14a2 __stdio_common_vfprintf __acrt_iob_func fflush 2359->2288 2363 7ff7075c2690 2360->2363 2361 
7ff7075c26aa malloc 2362 7ff7075c26b4 2361->2362 2361->2363 2362->2292 2363->2361 2364 7ff7075c26ba 2363->2364 2367 7ff7075c26c5 2364->2367 2410 7ff7075c2b30 2364->2410 2414 7ff7075c1720 2367->2414 2368 7ff7075c26cb 2368->2292 2370 7ff7075c2688 5 API calls 2369->2370 2371 7ff7075c23f5 OpenProcess 2370->2371 2372 7ff7075c2458 K32GetModuleBaseNameA 2371->2372 2373 7ff7075c243b GetLastError 2371->2373 2375 7ff7075c2492 2372->2375 2376 7ff7075c2470 GetLastError 2372->2376 2374 7ff7075c1450 6 API calls 2373->2374 2385 7ff7075c2453 2374->2385 2431 7ff7075c1800 2375->2431 2378 7ff7075c1450 6 API calls 2376->2378 2380 7ff7075c2484 CloseHandle 2378->2380 2380->2385 2381 7ff7075c25b3 CloseHandle 2381->2385 2382 7ff7075c24ae 2384 7ff7075c13c0 6 API calls 2382->2384 2383 7ff7075c25fa 2442 7ff7075c2660 2383->2442 2386 7ff7075c24cf CreateFileA 2384->2386 2385->2383 2387 7ff7075c25f3 _invalid_parameter_noinfo_noreturn 2385->2387 2388 7ff7075c250f GetLastError 2386->2388 2389 7ff7075c2543 2386->2389 2387->2383 2391 7ff7075c1450 6 API calls 2388->2391 2392 7ff7075c2550 MiniDumpWriteDump 2389->2392 2398 7ff7075c258a CloseHandle CloseHandle 2389->2398 2394 7ff7075c2538 CloseHandle 2391->2394 2395 7ff7075c2576 GetLastError 2392->2395 2392->2398 2394->2385 2395->2389 2397 7ff7075c258c 2395->2397 2399 7ff7075c1450 6 API calls 2397->2399 2398->2385 2399->2398 2400 7ff7075c13c0 __acrt_iob_func 2401 7ff7075c1010 fprintf __stdio_common_vfprintf 2400->2401 2402 7ff7075c13fa __acrt_iob_func 2401->2402 2501 7ff7075c1000 2402->2501 2404 7ff7075c1412 __stdio_common_vfprintf __acrt_iob_func fflush 2404->2303 2409 7ff7075c1000 2405->2409 2407 7ff7075c1036 __stdio_common_vfprintf 2407->2357 2408->2359 2409->2407 2411 7ff7075c2b3e std::bad_alloc::bad_alloc 2410->2411 2420 7ff7075c3f84 2411->2420 2413 7ff7075c2b4f 2415 7ff7075c172e Concurrency::cancel_current_task 2414->2415 2416 7ff7075c3f84 Concurrency::cancel_current_task 2 API calls 2415->2416 2417 7ff7075c173f 2416->2417 2425 7ff7075c3cc0 
2417->2425 2421 7ff7075c3fc0 RtlPcToFileHeader 2420->2421 2422 7ff7075c3fa3 2420->2422 2423 7ff7075c3fd8 2421->2423 2424 7ff7075c3fe7 RaiseException 2421->2424 2422->2421 2423->2424 2424->2413 2426 7ff7075c3ce1 2425->2426 2427 7ff7075c176d 2425->2427 2426->2427 2428 7ff7075c3cf6 malloc 2426->2428 2427->2368 2429 7ff7075c3d23 free 2428->2429 2430 7ff7075c3d07 2428->2430 2429->2427 2430->2429 2432 7ff7075c1850 2431->2432 2433 7ff7075c1863 WSAStartup 2431->2433 2434 7ff7075c1450 6 API calls 2432->2434 2439 7ff7075c187f 2433->2439 2441 7ff7075c185c 2433->2441 2434->2441 2435 7ff7075c2660 __GSHandlerCheck_EH 8 API calls 2436 7ff7075c1d87 2435->2436 2436->2381 2436->2382 2437 7ff7075c1dd0 2438 7ff7075c1450 6 API calls 2437->2438 2438->2441 2439->2437 2439->2441 2451 7ff7075c20c0 2439->2451 2441->2435 2443 7ff7075c2669 2442->2443 2444 7ff7075c1334 2443->2444 2445 7ff7075c29c0 IsProcessorFeaturePresent 2443->2445 2444->2303 2444->2400 2446 7ff7075c29d8 2445->2446 2496 7ff7075c2a94 RtlCaptureContext 2446->2496 2452 7ff7075c2218 2451->2452 2455 7ff7075c20e9 2451->2455 2475 7ff7075c17e0 2452->2475 2454 7ff7075c2144 2466 7ff7075c2690 2454->2466 2455->2454 2457 7ff7075c2137 2455->2457 2458 7ff7075c216c 2455->2458 2456 7ff7075c221d 2460 7ff7075c1720 Concurrency::cancel_current_task 4 API calls 2456->2460 2457->2454 2457->2456 2463 7ff7075c2690 5 API calls 2458->2463 2464 7ff7075c2155 BuildCatchObjectHelperInternal 2458->2464 2461 7ff7075c2223 2460->2461 2462 7ff7075c21e0 _invalid_parameter_noinfo_noreturn 2465 7ff7075c21d3 BuildCatchObjectHelperInternal 2462->2465 2463->2464 2464->2462 2464->2465 2465->2439 2467 7ff7075c26aa malloc 2466->2467 2468 7ff7075c26b4 2467->2468 2469 7ff7075c269b 2467->2469 2468->2464 2469->2467 2470 7ff7075c26ba 2469->2470 2472 7ff7075c2b30 Concurrency::cancel_current_task 2 API calls 2470->2472 2473 7ff7075c26c5 2470->2473 2471 7ff7075c1720 Concurrency::cancel_current_task 4 API calls 2474 7ff7075c26cb 2471->2474 2472->2473 2473->2471 2474->2464 2488 
7ff7075c34d4 2475->2488 2493 7ff7075c33f8 2488->2493 2491 7ff7075c3f84 Concurrency::cancel_current_task 2 API calls 2492 7ff7075c34f6 2491->2492 2494 7ff7075c3cc0 __std_exception_copy 2 API calls 2493->2494 2495 7ff7075c342c 2494->2495 2495->2491 2497 7ff7075c2aae RtlLookupFunctionEntry 2496->2497 2498 7ff7075c2ac4 RtlVirtualUnwind 2497->2498 2499 7ff7075c29eb 2497->2499 2498->2497 2498->2499 2500 7ff7075c2984 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2499->2500 2501->2404

                                                                            Control-flow Graph

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp$ErrorLast__acrt_iob_funcfflush$PathTempatoistrcat_s
                                                                            • String ID: -$-$-$-$-$-$-$--diag$--full$--name$--normal$--triage$--verbose$--withheap$Dump successfully written$GetTempPath failed (0x%08x)$createdump [options] pid-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values: %p PID of dumped process. %e The process executable filename. %h Hostname return by gethostn$dump.%p.dmp$full dump$minidump$minidump with heap$strcat_s failed (%d)$triage minidump$v
                                                                            • API String ID: 2647627392-2367407095

                                                                            Control-flow Graph

                                                                            Similarity
                                                                            • API ID: __p___argc__p___argv__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                                                                            • String ID:
                                                                            • API String ID: 2308368977-0

                                                                            Control-flow Graph

                                                                            Similarity
                                                                            • API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
                                                                            • String ID: [createdump]
                                                                            • API String ID: 3735572767-2657508301

                                                                            Control-flow Graph

                                                                            Similarity
                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                            • String ID:
                                                                            • API String ID: 3140674995-0

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7075C242D
                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7075C243B
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C1475
                                                                              • Part of subcall function 00007FF7075C1450: fprintf.MSPDB140-MSVCRT ref: 00007FF7075C1485
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C1494
                                                                              • Part of subcall function 00007FF7075C1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14B3
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14BE
                                                                              • Part of subcall function 00007FF7075C1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14C7
                                                                            • K32GetModuleBaseNameA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7075C2466
                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7075C2470
                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7075C2487
                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7075C25F3
                                                                            Similarity
                                                                            • API ID: __acrt_iob_func$ErrorLast$BaseCloseHandleModuleNameOpenProcess__stdio_common_vfprintf_invalid_parameter_noinfo_noreturnfflushfprintf
                                                                            • String ID: Get process name FAILED %d$Invalid dump path '%s' error %d$Invalid process id '%d' error %d$Write dump FAILED 0x%08x$Writing %s to file %s
                                                                            • API String ID: 3971781330-1292085346

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: terminate$Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                            • String ID: csm$csm$csm
                                                                            • API String ID: 695522112-393685449
                                                                            • Opcode ID: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
                                                                            • Instruction ID: a242eb1c32ef7c58b3b00ff5997e59aa154ecebc6e78f72e7e1e46d2f2ea416a
                                                                            • Opcode Fuzzy Hash: b33eca4017884e99d2f222704934a1d2e619e74398d1b95ed41b8d3f9756be10
                                                                            • Instruction Fuzzy Hash: 5CE1BF729086C68EEB20AF24D8907EDBBB0FF44B48F954135DA8D47695DF38E482C721

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: __acrt_iob_func$__stdio_common_vfprintf$fflushfprintf
                                                                            • String ID: [createdump]
                                                                            • API String ID: 3735572767-2657508301
                                                                            • Opcode ID: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
                                                                            • Instruction ID: ec4ee205e800e2825c02032e9acccc04b039e7bde207c37c4ccdd17439c7f21b
                                                                            • Opcode Fuzzy Hash: 5b675bc39e039bc525fd467c26ca74d7b5bd1981a0b88a155956b168aee24ed4
                                                                            • Instruction Fuzzy Hash: EA014B71A08B918AE700AB50FC183EAE360EF84BD1F804135EA8D03765DF7DE496C760

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • WSAStartup.WS2_32 ref: 00007FF7075C186C
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C1475
                                                                              • Part of subcall function 00007FF7075C1450: fprintf.MSPDB140-MSVCRT ref: 00007FF7075C1485
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C1494
                                                                              • Part of subcall function 00007FF7075C1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14B3
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14BE
                                                                              • Part of subcall function 00007FF7075C1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14C7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: __acrt_iob_func$Startup__stdio_common_vfprintffflushfprintf
                                                                            • String ID: %%%%%%%%$%%%%%%%%$--name$Invalid dump name format char '%c'$Pipe syntax in dump name not supported
                                                                            • API String ID: 3378602911-3973674938
                                                                            • Opcode ID: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
                                                                            • Instruction ID: f69eea0bd5a21d9d668b3c69a89b29d7e6d34b9847068c66561595d6792a1ebd
                                                                            • Opcode Fuzzy Hash: 6d691e12a95190b73438bc01f861d361a60469c0dc3d28550e2b0afd423a51ff
                                                                            • Instruction Fuzzy Hash: 0231EEA2E08A858AF759AF559C547F9A7A2BF45384FC44032EE4D03296CF3CE046C330

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,?,00000000,00007FF7075C669F,?,?,?,00007FF7075C441E,?,?,?,00007FF7075C43D9), ref: 00007FF7075C651D
                                                                            • GetLastError.KERNEL32(?,00000000,00007FF7075C669F,?,?,?,00007FF7075C441E,?,?,?,00007FF7075C43D9,?,?,?,?,00007FF7075C3524), ref: 00007FF7075C652B
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00007FF7075C669F,?,?,?,00007FF7075C441E,?,?,?,00007FF7075C43D9,?,?,?,?,00007FF7075C3524), ref: 00007FF7075C6555
                                                                            • FreeLibrary.KERNEL32(?,00000000,00007FF7075C669F,?,?,?,00007FF7075C441E,?,?,?,00007FF7075C43D9,?,?,?,?,00007FF7075C3524), ref: 00007FF7075C659B
                                                                            • GetProcAddress.KERNEL32(?,00000000,00007FF7075C669F,?,?,?,00007FF7075C441E,?,?,?,00007FF7075C43D9,?,?,?,?,00007FF7075C3524), ref: 00007FF7075C65A7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                            • String ID: api-ms-
                                                                            • API String ID: 2559590344-2084034818
                                                                            • Opcode ID: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
                                                                            • Instruction ID: 8e8b6d315d7d581d990f382a0bfe05708de0a66cb972e197159f9805b1614ff6
                                                                            • Opcode Fuzzy Hash: 91eaabdab86b5d7484fb536d38c8d26551698fbc6984510a5f5d6d43d06b7795
                                                                            • Instruction Fuzzy Hash: FF31A421A1A64299FE11BB129C007F5A2D4FF48BA0FE94635DE1D4A784EF3CE546C370

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: _time64
                                                                            • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                                            • API String ID: 1670930206-4114407318
                                                                            • Opcode ID: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
                                                                            • Instruction ID: 7f1dafb488c045f84b470079d8716a393be15ea5c71dafc4b6e23f00f96f64bd
                                                                            • Opcode Fuzzy Hash: 30f253d6cb86930f70187238c9af70fef4a32202514a54efb800f102df6d23dc
                                                                            • Instruction Fuzzy Hash: 9C51C7B2A18B858AEB00DB28D8543EDA7A5FF417D4F800135DA5D177AADF3CE042D760

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: EncodePointerabort
                                                                            • String ID: MOC$RCC
                                                                            • API String ID: 1188231555-2084237596
                                                                            • Opcode ID: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
                                                                            • Instruction ID: 7a63159d8fb93d6b48e8d6bb6a59e67b30c90f47d00222f443bf77f2ef5a9700
                                                                            • Opcode Fuzzy Hash: 97abe66515cb1414aeefc8003222462485e27fa84eefc4111ad6d0138f6fd2ea
                                                                            • Instruction Fuzzy Hash: 3091B273A08B868EE710DB65D8403EDBBB0FB44788F544129EA8D57754EF38E1A6C720

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: __except_validate_context_recordabort
                                                                            • String ID: csm$csm
                                                                            • API String ID: 746414643-3733052814
                                                                            • Opcode ID: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
                                                                            • Instruction ID: ce909d1ce92e531dc57016ca7af14c4fdedf55036b74d5a1aadcd2c6568eb730
                                                                            • Opcode Fuzzy Hash: 1056e810e0031d83590426beccc43492b2f2866ca19cabfb7471893f0b3bcd0b
                                                                            • Instruction Fuzzy Hash: 7B71C5325086C18ED721AF5598507B9BBA0FF40B89FA48135DA8D47A85DF3CE4A2CB60

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                                            • API String ID: 0-4114407318
                                                                            • Opcode ID: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
                                                                            • Instruction ID: ea7c2bb9a1e3d9117ac74fac274d70df355613f172cc38c27ab2a9beee37089f
                                                                            • Opcode Fuzzy Hash: 3a1402493b52144332fc7ef885a246e0bef5bb5eddb931c8bdeb75c83dbb8659
                                                                            • Instruction Fuzzy Hash: B151D872A18B858AE710DB29E8447EAA761FF817D0F840135EA9D17BDACF3DD042D760

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            • Associated: 00000007.00000002.1901062975.00007FF7075C0000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1901361201.00007FF7075C8000.00000002.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902080639.00007FF7075CC000.00000004.00000001.01000000.00000006.sdmp
                                                                            • Associated: 00000007.00000002.1902574005.00007FF7075CD000.00000002.00000001.01000000.00000006.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: CreateFrameInfo__except_validate_context_record
                                                                            • String ID: csm
                                                                            APIs
                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00007FF7075C17EB
                                                                            • WSAStartup.WS2_32 ref: 00007FF7075C186C
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C1475
                                                                              • Part of subcall function 00007FF7075C1450: fprintf.MSPDB140-MSVCRT ref: 00007FF7075C1485
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C1494
                                                                              • Part of subcall function 00007FF7075C1450: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14B3
                                                                              • Part of subcall function 00007FF7075C1450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14BE
                                                                              • Part of subcall function 00007FF7075C1450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7075C14C7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: __acrt_iob_func$StartupXinvalid_argument__stdio_common_vfprintffflushfprintfstd::_
                                                                            • String ID: --name$Pipe syntax in dump name not supported$string too long
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLastgethostname
                                                                            • String ID: %%%%%%%%$Could not get the host name for dump name: %d
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: terminate
                                                                            • String ID: MOC$RCC$csm
                                                                            APIs
                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(-3333333333333333,?,00000000,00007FF7075C18EE), ref: 00007FF7075C21E0
                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7075C221E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                            • String ID: Invalid process id '%d' error %d
                                                                            APIs
                                                                            • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7075C173F), ref: 00007FF7075C3FC8
                                                                            • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7075C173F), ref: 00007FF7075C400E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.1901311586.00007FF7075C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7075C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_7_2_7ff7075c0000_createdump.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionFileHeaderRaise
                                                                            • String ID: csm
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: AddressProc$Library$_aligned_free$ByteCharFreeHandleLoadModuleMultiWidefree$_errnocalloc
                                                                            • String ID: Cannot load %s$Cannot load optional %s$Loaded lib: %s$Loaded sym: %s$SetDefaultDllDirectories$cuArray3DCreate_v2$cuArrayCreate_v2$cuArrayDestroy$cuCtxCreate_v2$cuCtxDestroy_v2$cuCtxGetDevice$cuCtxPopCurrent_v2$cuCtxPushCurrent_v2$cuCtxSetLimit$cuD3D11GetDevice$cuD3D11GetDevices$cuDestroyExternalMemory$cuDestroyExternalSemaphore$cuDeviceComputeCapability$cuDeviceGet$cuDeviceGetAttribute$cuDeviceGetCount$cuDeviceGetName$cuDeviceGetUuid$cuDevicePrimaryCtxGetState$cuDevicePrimaryCtxRelease$cuDevicePrimaryCtxReset$cuDevicePrimaryCtxRetain$cuDevicePrimaryCtxSetFlags$cuEGLStreamConsumerDisconnect$cuEGLStreamProducerConnect$cuEGLStreamProducerDisconnect$cuEGLStreamProducerPresentFrame$cuEGLStreamProducerReturnFrame$cuEventCreate$cuEventDestroy_v2$cuEventQuery$cuEventRecord$cuEventSynchronize$cuExternalMemoryGetMappedBuffer$cuExternalMemoryGetMappedMipmappedArray$cuGLGetDevices_v2$cuGetErrorName$cuGetErrorString$cuGraphicsD3D11RegisterResource$cuGraphicsGLRegisterImage$cuGraphicsMapResources$cuGraphicsResourceGetMappedPointer_v2$cuGraphicsSubResourceGetMappedArray$cuGraphicsUnmapResources$cuGraphicsUnregisterResource$cuImportExternalMemory$cuImportExternalSemaphore$cuInit$cuLaunchKernel$cuLinkAddData$cuLinkComplete$cuLinkCreate$cuLinkDestroy$cuMemAllocManaged$cuMemAllocPitch_v2$cuMemAlloc_v2$cuMemFree_v2$cuMemcpy$cuMemcpy2DAsync_v2$cuMemcpy2D_v2$cuMemcpyAsync$cuMemcpyDtoDAsync_v2$cuMemcpyDtoD_v2$cuMemcpyDtoHAsync_v2$cuMemcpyDtoH_v2$cuMemcpyHtoDAsync_v2$cuMemcpyHtoD_v2$cuMemsetD8Async$cuMipmappedArrayDestroy$cuMipmappedArrayGetLevel$cuModuleGetFunction$cuModuleGetGlobal$cuModuleLoadData$cuModuleUnload$cuSignalExternalSemaphoresAsync$cuStreamAddCallback$cuStreamCreate$cuStreamDestroy_v2$cuStreamQuery$cuStreamSynchronize$cuTexObjectCreate$cuTexObjectDestroy$cuWaitExternalSemaphoresAsync$kernel32.dll$nvcuda.dll
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: AddressProc$ByteCharMultiWide_aligned_free$LibraryLoad$DesktopWindow_errno$atoi
                                                                            • String ID: &$DXVA2CreateDirect3DDeviceManager9$Direct3DCreate9$Direct3DCreate9Ex$Failed to bind Direct3D device to device manager$Failed to create Direct3D device$Failed to create Direct3D device manager$Failed to create IDirect3D object$Failed to load D3D9 library$Failed to load DXVA2 library$Failed to locate DXVA2CreateDirect3DDeviceManager9$Failed to locate Direct3DCreate9$Failed to open device handle$SetDefaultDllDirectories$Using D3D9Ex device.$d3d9.dll$dxva2.dll$kernel32.dll
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_log$av_channel_layout_compareav_channel_layout_describeav_channel_layout_uninit$av_channel_layout_checkav_channel_layout_subset$av_channel_layout_from_mask
                                                                            • String ID: %s: $%s:%f $Assertion %s failed at %s:%d$Full-on remixing from 22.2 has not yet been implemented! Processing the input as '%s'$Input channel layout '%s' is not supported$Input channel layout is invalid$Matrix coefficients:$Output channel layout '%s' is not supported$Output channel layout is invalid$src/libswresample/rematrix.c
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_channel_layout_compare$av_callocav_mallocz$av_get_packed_sample_fmt$abortav_freepav_get_cpu_flagsav_log
                                                                            • String ID: ?$@$Assertion %s failed at %s:%d$src/libswresample/rematrix.c
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strncmp$__acrt_iob_func$av_dict_freeav_strerrorfprintfprintf$av_dict_getos_event_init$__stdio_common_vfprintf_errnoav_dict_countav_dict_parse_stringav_mallocavformat_write_headeravio_alloc_contextavio_openbreallocmemmovepthread_createpthread_mutex_initstrerror
                                                                            • String ID: %s=%s$Couldn't open '%s', %s$Error opening '%s': %s$Failed to parse muxer settings: %s%s$Using muxer settings:
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: __acrt_iob_func$freemalloc$fprintf$ByteCharMultiWideav_rescale_q_rndrealloc$ErrorMode__stdio_common_vfprintf_fileno_setmodeav_interleaved_write_frameav_strerrormemsetsetvbuf
                                                                            • String ID: Couldn't initialize muxer$av_interleaved_write_frame failed: %d: %s
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free$strcmp$strchrstrtol
                                                                            • String ID: channels$%d channels (%[^)]$ambisonic $mono
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_opt_set_int$av_opt_set_chlayout$av_log
                                                                            • String ID: Failed to set option$ich$ichl$icl$isf$isr$och$ochl$ocl$osf$osr$uch
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _close_read$clock
                                                                            • String ID: /dev/random$/dev/urandom$Assertion %s failed at %s:%d$Microsoft Primitive Provider$N$RNG$sizeof(tmp) >= av_sha_size$src/libavutil/random_seed.c
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: %H%M%S$%H:%M$%H:%M:%S$%J:%M:%S$%M:%S$%Y - %m - %d$%Y%m%d$+$AliceBlue$now
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_CCITT], 0, 16, 0x1021, sizeof(av_crc_table[AV_CRC_16_CCITT])) >= 0$av_crc_init(av_crc_table[AV_CRC_24_IEEE], 0, 24, 0x864CFB, sizeof(av_crc_table[AV_CRC_24_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE], 0, 32, 0x04C11DB7, sizeof(av_crc_table[AV_CRC_32_IEEE])) >= 0$av_crc_init(av_crc_table[AV_CRC_8_ATM], 0, 8, 0x07, sizeof(av_crc_table[AV_CRC_8_ATM])) >= 0$src/libavutil/crc.c
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID: DXGIGetDebugInterface$Failed to create Direct3D device (%lx)$Failed to load D3D11 library or its functions$Using device %04x:%04x (%ls).$d3d11_1sdklayers.dll$debug$dxgidebug.dll
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %d%*1[:/]%d%c$-$The "%s" option is deprecated: %s$Unable to parse option value "%s"$all$const_values array too small for %s$default$max$min$none
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_malloc_array
                                                                            • String ID: Assertion %s failed at %s:%d$src/libswresample/resample.c$tap_count == 1 || tap_count % 2 == 0
                                                                            • API String ID: 1862890220-3187375394
                                                                            • Opcode ID: 821feb5264397491c723a34886a4805e0f008ad312c9caf0883d02201ff3be8e
                                                                            • Instruction ID: c47315cfc5c57d1a360a83a52a15392616a3e6ece33d32282d5636706fd42f59
                                                                            • Opcode Fuzzy Hash: 821feb5264397491c723a34886a4805e0f008ad312c9caf0883d02201ff3be8e
                                                                            • Instruction Fuzzy Hash: B142B572D18F958DD6239B3594502BAA714FFF63E0F41D363E95E32A65EF28E182C600
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Last message repeated %d times$ Last message repeated %d times$%s%s%s%s$8$?$[%s @ %p] $[%s]
                                                                            • API String ID: 0-179686365
                                                                            • Opcode ID: 700e6493641140c6dda8d7c6b21148849bcfbba81eaa22d40e06a7a62df99f25
                                                                            • Instruction ID: 86f61d8055e109282edc86d71da68c4b9411098e8e9d655f9cead944db9aee7f
                                                                            • Opcode Fuzzy Hash: 700e6493641140c6dda8d7c6b21148849bcfbba81eaa22d40e06a7a62df99f25
                                                                            • Instruction Fuzzy Hash: 7FF1E362B1A68745EB688B51A430BFD2791BFC6B84F844036DEAD073EECE3DE5448740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy$abort
                                                                            • String ID: Assertion %s failed at %s:%d$ret >= 0$src/libavutil/imgutils.c
                                                                            • API String ID: 3629556515-2504023021
                                                                            • Opcode ID: 2312a6da2723e7e0594906141bd6e79322ef9e88a15247b0ee1471fd6e159ad7
                                                                            • Instruction ID: 939038c4caf1b99997b6f846d1a252911c5eb5b45be66c05bb4e4dd595fdfb2a
                                                                            • Opcode Fuzzy Hash: 2312a6da2723e7e0594906141bd6e79322ef9e88a15247b0ee1471fd6e159ad7
                                                                            • Instruction Fuzzy Hash: 0502F032B1968286E768DF55E460BAEB7A0FBC9784F544135DA9D43BA8DF3CE441CB00
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                            • String ID:
                                                                            • API String ID: 313767242-0
                                                                            • Opcode ID: 13250969f5b2de30470bf22d6d750f243ba906d20c34ed2405166bb0a67cfad5
                                                                            • Instruction ID: deeaf39383fe75e5072af01ba9b902f50f58d950a9d6d435f9b44e867739424b
                                                                            • Opcode Fuzzy Hash: 13250969f5b2de30470bf22d6d750f243ba906d20c34ed2405166bb0a67cfad5
                                                                            • Instruction Fuzzy Hash: 41314972708E8186EB608F62E8403FD7371FB84B54F4444BADA5D47AA9EF38C558C710
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                            • String ID:
                                                                            • API String ID: 313767242-0
                                                                            • Opcode ID: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
                                                                            • Instruction ID: daf429dd0dc8b5ec9e69c4906985f16d92ac48ee46483d87630fa11a7035c8ca
                                                                            • Opcode Fuzzy Hash: 8e29f9cfb3282d508510f87b074f2afb23630758b427b43b81c2847ae2e7d6a0
                                                                            • Instruction Fuzzy Hash: 34316272A09B8586EB609FA0E8603ED7364FB84744F44413ADB4E87B99EF3DD548D710
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: ?$Assertion %s failed at %s:%d$[$cnt >= 0$src/libavutil/lzo.c
                                                                            • API String ID: 4206212132-2884727783
                                                                            • Opcode ID: 7011ca950fc2a7db3eb286879491971854b83ca07a450eddb1490616219303e7
                                                                            • Instruction ID: 09fe6ed41b76875f8d01fa248f5ebf6ed7be7d0f39c076b85fddcd8630601946
                                                                            • Opcode Fuzzy Hash: 7011ca950fc2a7db3eb286879491971854b83ca07a450eddb1490616219303e7
                                                                            • Instruction Fuzzy Hash: EAE12772B2F66381E7688B518574BB92A92BBC4780F958131CE2D077E8EE7DE605D700
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$ambisonic %d$channel_layout->order == AV_CHANNEL_ORDER_CUSTOM$src/libavutil/channel_layout.c
                                                                            • API String ID: 4206212132-610793534
                                                                            • Opcode ID: 4154b1103f2502a80824f1cfea4b5c08add524b0e9befcb9efd5374d9646e1ef
                                                                            • Instruction ID: 48a9b953711e31c33973bed4434ce41b00bf646abba7bdde7dc2ada8eb9ff679
                                                                            • Opcode Fuzzy Hash: 4154b1103f2502a80824f1cfea4b5c08add524b0e9befcb9efd5374d9646e1ef
                                                                            • Instruction Fuzzy Hash: 10715AE3F3A81B03E7254734D8217745281ABD4760F4CD232E91AD2BD9EA2DE9818B01
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: (state[4] & 3) == 3$Assertion %s failed at %s:%d$n$src/libavutil/utils.c
                                                                            • API String ID: 4206212132-3394967418
                                                                            • Opcode ID: f745146a8868629358c2eef4edc24f02b811a2bcba902581bbe48fb0424e79ec
                                                                            • Instruction ID: cbc65e533f8344899968e0c31cffd7cbe2d101a505f5829221556654227defc1
                                                                            • Opcode Fuzzy Hash: f745146a8868629358c2eef4edc24f02b811a2bcba902581bbe48fb0424e79ec
                                                                            • Instruction Fuzzy Hash: A9215F73B2E98385F7105A38987067E3291AB43B65F958332E539866FCCE3CD7868500
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %d channels$%d channels ($@%s$AMBI%d$NONE$USR%d
                                                                            • API String ID: 0-1306170362
                                                                            • Opcode ID: b58385b35ee8c0576a5674ace7b060eb4fb2608f8c8b053f2f6c87950b102242
                                                                            • Instruction ID: 29fe55fcf011ff7ba65205e4109db1ff52d66ced1f07051676b9e27d922577cf
                                                                            • Opcode Fuzzy Hash: b58385b35ee8c0576a5674ace7b060eb4fb2608f8c8b053f2f6c87950b102242
                                                                            • Instruction Fuzzy Hash: E291E2EAF2A96B42EB248715D860E752645AFC4B90F84C033CD2D57AEECE3CE9418740
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: pow
                                                                            • API String ID: 0-2276729525
                                                                            • Opcode ID: 4e4d1c9717f4655b5bbf70594396bdc5da546f85907a2c9caf3bda01d7e980ea
                                                                            • Instruction ID: cac0c74831f3988f2fe2736fc40152d082cd8678c27854fceac38a4a5baaf904
                                                                            • Opcode Fuzzy Hash: 4e4d1c9717f4655b5bbf70594396bdc5da546f85907a2c9caf3bda01d7e980ea
                                                                            • Instruction Fuzzy Hash: 54D1E922F1EA4749E72256355430F7A7616EF56380F20A332E9BD7A1FDEF6CB4819140
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: '$Assertion %s failed at %s:%d$src/libavutil/tx.c
                                                                            • API String ID: 4206212132-3565471776
                                                                            • Opcode ID: ec47289fc772912451eea82ccb2b1043ae62ca5012e7b26885c9d820250d193f
                                                                            • Instruction ID: 9e5cbe3c514bc3802939247ad1846d509b5508d43c74a520cbe987660ee1a9a8
                                                                            • Opcode Fuzzy Hash: ec47289fc772912451eea82ccb2b1043ae62ca5012e7b26885c9d820250d193f
                                                                            • Instruction Fuzzy Hash: 57A10876B0A68286D764CF28E490769B7E1F7887D4F585035DA9E437A8DF3DE844CB00
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Process$AffinityCurrentMask
                                                                            • String ID: detected %d logical cores$overriding to %d logical cores
                                                                            • API String ID: 1231390398-3421371979
                                                                            • Opcode ID: 2e9904b101b569c18024893eab007079966040748388d549111c530203c0def7
                                                                            • Instruction ID: 7a40750d375c7ee8d59f355b18e310cadedc1bfa33c72baa4cd77f347d207181
                                                                            • Opcode Fuzzy Hash: 2e9904b101b569c18024893eab007079966040748388d549111c530203c0def7
                                                                            • Instruction Fuzzy Hash: F321C7E3B2A90703E7144B29EC21B6512917B98764B4DD136DD1EC7BA9ED3CE605C341
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: memcpy
                                                                            • String ID:
                                                                            • API String ID: 3510742995-0
                                                                            • Opcode ID: 403baa3e1a488a5a0e7543da01e81e3aaffd6a2fe1ed6e15f3cbc0658172d83e
                                                                            • Instruction ID: 7282c9802700925bfffba4f146da77ff7faf9ce652b91ce77c8f9a48eecb45da
                                                                            • Opcode Fuzzy Hash: 403baa3e1a488a5a0e7543da01e81e3aaffd6a2fe1ed6e15f3cbc0658172d83e
                                                                            • Instruction Fuzzy Hash: 9032E4B2A1D7C186D7658B25E8507FEBBA0F795384F058126DBD943BAACB3CE164C700
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: __powi
                                                                            • API String ID: 2918714741-2331859415
                                                                            • Opcode ID: 1ed4b1acd7149e56c63c0e5b63662fa1acdc3d18d69be49f294a8596855a1eb9
                                                                            • Instruction ID: b77845cab2ff43b347b6fa879a24bb0ad3c3eab31f496dbc62f404115c8a5029
                                                                            • Opcode Fuzzy Hash: 1ed4b1acd7149e56c63c0e5b63662fa1acdc3d18d69be49f294a8596855a1eb9
                                                                            • Instruction Fuzzy Hash: 94518110F1F64785FB568B246C70B762394EFA6788E249336D83DAA4F8EF2D7C818500
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 238db13e466d98e71d78f61cae172d4804caeca104bc3b3bb4d467ddbb97d8ec
                                                                            • Instruction ID: 5f8ce7ae0723045f8204f7978ae093e120430faf6cf073911ac2a1f733fddf9a
                                                                            • Opcode Fuzzy Hash: 238db13e466d98e71d78f61cae172d4804caeca104bc3b3bb4d467ddbb97d8ec
                                                                            • Instruction Fuzzy Hash: 3D22AFE2B1E6D685D7208B15A020BBAB7A1FB85B84F544136DAAD577EDCF3CE484C700
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _errnomemcmpstrlenstrtol
                                                                            • String ID:
                                                                            • API String ID: 1078869015-0
                                                                            • Opcode ID: 4e62ed5a4916453a6424c7a293e756ef9a25259ab9570582f9bd8a4894d05afe
                                                                            • Instruction ID: f6d7b807b8c2799aa9d1e409d850d60b0b9f9e0501ec5f87e2627370746ca7c3
                                                                            • Opcode Fuzzy Hash: 4e62ed5a4916453a6424c7a293e756ef9a25259ab9570582f9bd8a4894d05afe
                                                                            • Instruction Fuzzy Hash: 7821B2E7F2A90647EB5C8A25DC2233952C2A7D4770F4CC13ADE1AC67D9E93C99918701
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Time$FileInformationSystemZone
                                                                            • String ID:
                                                                            • API String ID: 2921752741-0
                                                                            • Opcode ID: a6735fc188ae2be04b6747e7321527e39212664d39bbfa2ed8a26b191bdbbc72
                                                                            • Instruction ID: ff78f780ae410ceebf1945f88554ab39bc78cf60e9c1490ae89c7b974344582e
                                                                            • Opcode Fuzzy Hash: a6735fc188ae2be04b6747e7321527e39212664d39bbfa2ed8a26b191bdbbc72
                                                                            • Instruction Fuzzy Hash: 7E01F1B2B1854246DF688F20F420779B292AB58794F48C131DAAE8A7E8EE3CD444C700
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %i:
                                                                            • API String ID: 0-3112360579
                                                                            • Opcode ID: 56225696255aec5cf75f5aaaa0dab9d34a63c7dc86180539428f912345232fc3
                                                                            • Instruction ID: 00dff66329e61625210a26b9dce81dbd9769b021711ee7ce525288d1f15fa47f
                                                                            • Opcode Fuzzy Hash: 56225696255aec5cf75f5aaaa0dab9d34a63c7dc86180539428f912345232fc3
                                                                            • Instruction Fuzzy Hash: 1D02BE7AB0A75286DB248F28C820A7C73A4FB44B88F594135CABD077E8DF79E951C740
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID: 0-399585960
                                                                            • Opcode ID: 32d18d1ae2b9536030ec3fb165465a0a39662cd1298dc4829aec3954e2195451
                                                                            • Instruction ID: 1cf4b96d36b362a286550f95fc50c30362e84e05281a7903793f603b800c3a86
                                                                            • Opcode Fuzzy Hash: 32d18d1ae2b9536030ec3fb165465a0a39662cd1298dc4829aec3954e2195451
                                                                            • Instruction Fuzzy Hash: CCE1A036B1968687E7208F26E4A0BAA7764FB847C4F554036DF9D43BA9DF39E441CB00
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0123456789abcdef
                                                                            • API String ID: 0-1757737011
                                                                            • Opcode ID: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
                                                                            • Instruction ID: 09c132fce7c334eabf5bed20d190b502abebeef2d6d005044d4c584b79eeac65
                                                                            • Opcode Fuzzy Hash: 067b04213758aebbec89ab64825b0ea9af463173314dc67680d0fe0a86fcad37
                                                                            • Instruction Fuzzy Hash: B861B8977292F19DD72247A9A810F9CBE56D266B45F1D4289D7C10BF93C212C0B2FB21
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %d channels
                                                                            • API String ID: 0-1351059727
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %02u:%02u:%02u%c%02u
                                                                            • API String ID: 0-3773705257
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 9%lld
                                                                            • API String ID: 0-1067827528
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 9%lld
                                                                            • API String ID: 0-1067827528
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %02u:%02u:%02u%c%02u
                                                                            • API String ID: 0-3773705257
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: front left
                                                                            • API String ID: 0-959785498
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memset
                                                                            • String ID:
                                                                            • API String ID: 2221118986-0
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Opcode Fuzzy Hash: c8a701fd31c154d2dc192229eb25d8d25638208f0de1ecaa09b169f4e8a8f8eb
                                                                            • Instruction Fuzzy Hash: 45A130720198148BE34BCF5E948021EB3E1FB48A9FB616710EF4F87661D636AE63D750
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
                                                                            • Instruction ID: 216a7fd857389d36271781cbb2ebce394ca801ae3f8661dffa4c2e01d95ad107
                                                                            • Opcode Fuzzy Hash: 90b32cb7f7fc63c6fb00127071f37436bbba4780064a9dd077ecd279716693df
                                                                            • Instruction Fuzzy Hash: 3E91E1271082E0AED306CF3A96549AE7FE0F71E788B9AD151DBD54BB47C238E612D710
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
                                                                            • Instruction ID: 3b53d339feeefd14c1c35db466f0e2d16619494ca1293b5efc22873f8eea53b7
                                                                            • Opcode Fuzzy Hash: 76ca8846758f7279c89c706cb55d4a6c794990205b94bc84ef3eb9dab7f83264
                                                                            • Instruction Fuzzy Hash: DE617ED27264A686EF999B36CD717AA13917B8CBC0F81B832DD4D87399DD28D844C341
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
                                                                            • Instruction ID: 820ad245ff257483318939df850e84fa9ddcc1c88169ce5b24c03cbeea31248c
                                                                            • Opcode Fuzzy Hash: a01a8d336d240b66a520b8f76eca36f64ac119a91bb538f3d36a02399c46787c
                                                                            • Instruction Fuzzy Hash: 7351F92272F7E641DA348B2A7910BA6AAC5AB98FC5F4990359D0D5FFD4EA3CE8414300
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
                                                                            • Instruction ID: 9dd5ab6f4f4fe5b81eb795a67175eb9d7ce45db35f8bbc0060c907579ac0d243
                                                                            • Opcode Fuzzy Hash: 5d77631254022a2564090f98b8bfa30d20299f2ed0b727a65807a914737ba4ae
                                                                            • Instruction Fuzzy Hash: 3F41CBA2F2554303FF19EA76A86543A458377C87D47049139EE1F8BBDDED38E881C240
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
                                                                            • Instruction ID: 51802c52df78913d751da0652ff810d70f692f3447bbe74612967e42fa0cf3d9
                                                                            • Opcode Fuzzy Hash: afccfe9f3e014e08196aad724a937f91ef825408217a78f00344b29ce58b4f81
                                                                            • Instruction Fuzzy Hash: 3E51F677B0A2D19AD7198B31A914AADBFE0F729788B488035EFD943B89C53CD551C710
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
                                                                            • Instruction ID: 6595ecd932c9352bfa22748cfd8e22887ba33be07bf6ca6a680c5f955490e0ed
                                                                            • Opcode Fuzzy Hash: 925e7221762b452499bd5f1cd8d4647ae936fd8bfb8d6f0e8219c8ca6ea31777
                                                                            • Instruction Fuzzy Hash: BA4126E3F2A40747E7285A39D861F3916806BA4768B08D037ED2BC77D8E92CF9424341
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
                                                                            • Instruction ID: 16573b083ceef536962a9377327be4deca13683b5289dffda819ccdcad88ec0e
                                                                            • Opcode Fuzzy Hash: 1da0fa7538a61e1ec26d81ef3ee2e77181907d7570b22cc55868e0e260c2f721
                                                                            • Instruction Fuzzy Hash: 99413502F1A2E10BC7924EBF4DDA22DADD2158E44638CC77AA7D4C52DFD86CE60E6614
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
                                                                            • Instruction ID: 9d7c8d2670e8044962a8a6ebdb9013f08d2957a619f8d60d894ee8e950703bb2
                                                                            • Opcode Fuzzy Hash: 1bbb289327d116bb0d3926814ce134dcf89bf85936bb88c31896ce7583001f71
                                                                            • Instruction Fuzzy Hash: CA41E8E3F3A84603EB6C8629CC15B38518367E577174CD236D92AC6FDDE83CDA158942
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
                                                                            • Instruction ID: 0a24dedc9a0a57ffe617537608a8400275a41b98e14bb4ea312f375e18c72059
                                                                            • Opcode Fuzzy Hash: 8289133b11807aa708dee106fcce6d7ef6ccc2dac79a51c200281d0fae8d85f5
                                                                            • Instruction Fuzzy Hash: 8741A2522380F00AC76E1F3D293AA39BE92725664774EE36EFE8342AC7D41D8910A714
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
                                                                            • Instruction ID: 640711f3db43462fea40446be1afc9fe1b0a5b46081b5e2449f66566b8ab36ba
                                                                            • Opcode Fuzzy Hash: 333bc48ed0cd00a2d1b15b774f25581d7625ddc281499ec81eb7566562b50259
                                                                            • Instruction Fuzzy Hash: DD118EF3B324B20BD7489AB8CC163A932C2D3C8706F9CC535A755CAA89D53CE2559604
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
                                                                            • Instruction ID: 0ae5c0fa4c639253c05ea8e4b51e913fe10cad47cb12445546a9689ed296be73
                                                                            • Opcode Fuzzy Hash: 921da5e6bee8a79c60022e540b3013bc24987b6f10c9384b169f9994f4f13c7f
                                                                            • Instruction Fuzzy Hash: 53112AFBF3547A03EB7C025AE832F74054196B5BA898CE03EDE1B22F81E81E56404B46
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
                                                                            • Instruction ID: d428178b1f990570bef91305b3fc641c48a020df182cb99c08c3cdbff21cda9a
                                                                            • Opcode Fuzzy Hash: 48c7e682ef6fe0021f165804b69b7812e3084bd1803e36f36abadd25f99cf90a
                                                                            • Instruction Fuzzy Hash: 621182D7F3696E03EB60462DCC42B24018297E577178CE432E819C6F99E83EE6418A42
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
                                                                            • Instruction ID: 1e81f51e0dc3e501dcfcc6f7f700a074c6dd293aad224c420436dcc1873119a2
                                                                            • Opcode Fuzzy Hash: 5b8c63fbc3d1884eef626a7aef42dd066a5768f9b76b144cbd0180c709170efd
                                                                            • Instruction Fuzzy Hash: 6C1124F2B350924BEB95A728C428EBC33D1F7C4344F858133DA06865CCD72CA841C350
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
                                                                            • Instruction ID: 0635468c725f67cbdf9ac173af362e23d02d55adb27501cd962fbfee0af82eeb
                                                                            • Opcode Fuzzy Hash: 87362e0b0484954b111388de62736d52838e743fda6cb01bb5a4730a87f793d9
                                                                            • Instruction Fuzzy Hash: 05017CE7F3286A03DB64867DCC0670400C396F877178CD031A914C6F89F83EE6458A42
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
                                                                            • Instruction ID: 14bd2cacf1174b1c4f3da44626b05ac20a3ec18444f4115fae820648a13c1207
                                                                            • Opcode Fuzzy Hash: 7b36b57bc46747f380974be252968c61105f93df6c2abcd15431a709e92770c1
                                                                            • Instruction Fuzzy Hash: 43F0B7D7F3685A03EB5C456DDC1631401C391E823238DD13ABA47C6B8AF839EA968643
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
                                                                            • Instruction ID: 5dd0843469ef9bb73b9f5c22db80f93ac9e6ae0c3d8e47ba6da23d9519b5fb62
                                                                            • Opcode Fuzzy Hash: 3dde2236b060dd472fafee045e56aa39d7b712360777964fc0ed02c3a9815e90
                                                                            • Instruction Fuzzy Hash: F5F0AFD9231BB64BEA15A69990D07D69721F30CBC6B70A622DE4D27375CA13A10BDA00
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                                            • API String ID: 2943138195-1388207849
                                                                            • Opcode ID: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
                                                                            • Instruction ID: 907ca1cdfaafb60d840e88005a5128cc5dd5977b21864c4228702ffbc30296e9
                                                                            • Opcode Fuzzy Hash: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
                                                                            • Instruction Fuzzy Hash: 74F19172F08E168CF734AB66EC542BC26B0BBA57A4F404575DA0D66AB8DF7CE604C340
                                                                            APIs
                                                                              • Part of subcall function 00007FF63DD92570: printf.MSPDB140-MSVCRT ref: 00007FF63DD92587
                                                                              • Part of subcall function 00007FF63DD92530: atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,00000000,00007FF63DD92617,?,?,?,00007FF63DD91BD6,?,?,?,00007FF63DD91A02), ref: 00007FF63DD92552
                                                                            • puts.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF63DD91BD6,?,?,?,00007FF63DD91A02), ref: 00007FF63DD928DF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1903060811.00007FF63DD90000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903107554.00007FF63DD95000.00000004.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903135413.00007FF63DD96000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903225542.00007FF63DD99000.00000002.00000001.01000000.00000007.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: atoiprintfputs
                                                                            • String ID: Invalid number of audio tracks$Invalid number of video tracks$Must have at least 1 audio track or 1 video track$audio codec$audio track count$file name$muxer settings$stream key$video bitrate$video chroma sample location$video codec$video codec tag$video color primaries$video color range$video color trc$video colorspace$video fps den$video fps num$video height$video max luminance$video track count$video width${stream_key}
                                                                            • API String ID: 3402752964-4246942696
                                                                            • Opcode ID: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
                                                                            • Instruction ID: 712fa551f45aea67f76ec1c808c813100bdbc308dfb82ed8768802d1142558dd
                                                                            • Opcode Fuzzy Hash: bbb72588bee9787a683502761444138c14bf0f1375247d53f9cdc5c5b4da8170
                                                                            • Instruction Fuzzy Hash: 20813C6490865A91FA94DFD1A6344F83795AF09BA4BC10232DD0D97796FF3EE30AE300
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1903060811.00007FF63DD90000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903107554.00007FF63DD95000.00000004.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903135413.00007FF63DD96000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903225542.00007FF63DD99000.00000002.00000001.01000000.00000007.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy$__acrt_iob_func__stdio_common_vfprintffclosefprintfmallocos_event_signalos_event_waitpthread_mutex_lock
                                                                            • String ID: Error allocating memory for output$Error writing to '%s', %s
                                                                            • API String ID: 2637689336-4070097938
                                                                            • Opcode ID: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
                                                                            • Instruction ID: 2b99bfb8750cc5314ce54f33fd5e3edb6846bd8e2790f006b88d62045bf4909f
                                                                            • Opcode Fuzzy Hash: a31c7b85b8c0d82d0157cb35a6e72543ed071c06804e902690462ed57beb3fc0
                                                                            • Instruction Fuzzy Hash: 6FA16F32A09A8A85E751DFA1E4603FD7360FB88B88F440231DE8D97B59EF79D149D310
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908661283.00007FFE13240000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908699278.00007FFE13259000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908719036.00007FFE13262000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908735260.00007FFE13263000.00000004.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908750918.00007FFE13266000.00000008.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908767541.00007FFE13267000.00000002.00000001.01000000.0000000C.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_opt_set_int$av_get_channel_layout_nb_channels$av_log
                                                                            • String ID: Failed to set option$ich$icl$isf$isr$och$ocl$osf$osr$uch
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free
                                                                            • String ID:
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_opt_set_int$av_channel_layout_from_maskav_channel_layout_uninitav_opt_set_chlayout$av_channel_layout_copy
                                                                            • String ID: Failed to set option$ichl$isf$isr$ochl$osf$osr
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp
                                                                            • String ID: dbl$dblp$flt$fltp$s16$s16p$s32$s32p$s64$s64p$u8p
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_freepmemcpy$av_callocav_get_bytes_per_sampleav_malloczav_reduce
                                                                            • String ID: Assertion %s failed at %s:%d$Filter length too large$Unsupported sample format$src/libswresample/resample.c
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno$ByteCharFullMultiNamePathWidewcscatwcscpywcslen$_sopen_wsopen
                                                                            • String ID: \\?\$\\?\UNC\
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strtol
                                                                            • String ID: -> %s: %s$%s failed$Calling %s$Could not dynamically load CUDA$Disabling use of CUDA primary device context$Primary context already active with incompatible flags.$Using CUDA primary device context$cu->cuCtxCreate(&hwctx->cuda_ctx, desired_flags, hwctx->internal->cuda_device)$cu->cuCtxPopCurrent(&dummy)$cu->cuDeviceGet(&hwctx->internal->cuda_device, device_idx)$cu->cuDevicePrimaryCtxGetState(hwctx->internal->cuda_device, &dev_flags, &dev_active)$cu->cuDevicePrimaryCtxRetain(&hwctx->cuda_ctx, hwctx->internal->cuda_device)$cu->cuDevicePrimaryCtxSetFlags(hwctx->internal->cuda_device, desired_flags)$cu->cuInit(0)$primary_ctx
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strchr
                                                                            • String ID: $&amp;$&apos;$&gt;$&lt;$&quot;$'\''
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free
                                                                            • String ID:
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: `anonymous namespace'
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharFileFullMultiNamePathWide_close_errno$CloseCreateHandleMappingView_fstat64_get_osfhandle_sopen_wsopenwcslen
                                                                            • String ID: Cannot read file '%s': %s$Error occurred in CreateFileMapping()$Error occurred in MapViewOfFile()$Error occurred in fstat(): %s
                                                                            • API String ID: 741575255-3109280323
                                                                            • Opcode ID: 7267cfeadb9c871bf9fb2dec6a57e72c4003b2fad726f8657ee3e356bb816377
                                                                            • Instruction ID: 341ebfc075ac4957b8fa3abafddefb41f4763dc5a7ff40d51025938d1e3871fe
                                                                            • Opcode Fuzzy Hash: 7267cfeadb9c871bf9fb2dec6a57e72c4003b2fad726f8657ee3e356bb816377
                                                                            • Instruction Fuzzy Hash: 7C415061B2AB4B82EB549B51E820FBA6294FF88798F444136D96E07BE8DF7CD4058740
                                                                            APIs
                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF63DD91A6D
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD9204A
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD92065
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD92080
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD9209B
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD920B6
                                                                            • avformat_network_init.AVFORMAT-60 ref: 00007FF63DD91A85
                                                                            • av_guess_format.AVFORMAT-60 ref: 00007FF63DD91AAF
                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63DD91ABC
                                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF63DD91AD0
                                                                            • avformat_alloc_output_context2.AVFORMAT-60 ref: 00007FF63DD91AEC
                                                                            • av_strerror.AVUTIL-58 ref: 00007FF63DD91B19
                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63DD91B23
                                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF63DD91B38
                                                                              • Part of subcall function 00007FF63DD92910: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF63DD91B4C), ref: 00007FF63DD92939
                                                                              • Part of subcall function 00007FF63DD92370: avcodec_free_context.AVCODEC-60 ref: 00007FF63DD92388
                                                                              • Part of subcall function 00007FF63DD92370: av_free.AVUTIL-58 ref: 00007FF63DD923B1
                                                                              • Part of subcall function 00007FF63DD92370: avio_context_free.AVFORMAT-60 ref: 00007FF63DD923BD
                                                                              • Part of subcall function 00007FF63DD92370: avformat_free_context.AVFORMAT-60 ref: 00007FF63DD923CC
                                                                              • Part of subcall function 00007FF63DD92370: avcodec_free_context.AVCODEC-60 ref: 00007FF63DD92402
                                                                              • Part of subcall function 00007FF63DD92370: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF63DD92415
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1903060811.00007FF63DD90000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903107554.00007FF63DD95000.00000004.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903135413.00007FF63DD96000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903225542.00007FF63DD99000.00000002.00000001.01000000.00000007.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strncmp$__acrt_iob_funcavcodec_free_contextfprintf$av_freeav_guess_formatav_strerroravformat_alloc_output_context2avformat_free_contextavformat_network_initavio_context_freecallocfree
                                                                            • String ID: Couldn't find an appropriate muxer for '%s'$Couldn't initialize output context: %s$http$mpegts$video/M2PT
                                                                            • API String ID: 3777911973-2524251934
                                                                            • Opcode ID: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
                                                                            • Instruction ID: 759311ef5967d7a76bba72e0b2ed917809c42cbb039e3a5f04ae77ebf8bb7dda
                                                                            • Opcode Fuzzy Hash: 078559d49e555ef7517477361438487f95b7fa6d5945ffa6822e70d97715306d
                                                                            • Instruction Fuzzy Hash: 0F311311E1C64A82FB609BA594312BE3351AF89794F901335ED1DC7796FE3EE948A700
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908661283.00007FFE13240000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908699278.00007FFE13259000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908719036.00007FFE13262000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908735260.00007FFE13263000.00000004.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908750918.00007FFE13266000.00000008.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908767541.00007FFE13267000.00000002.00000001.01000000.0000000C.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_channel_layout_from_maskav_channel_layout_uninitav_opt_set_int$av_channel_layout_compareav_opt_set_chlayout$av_frame_get_bufferav_get_bytes_per_sampleav_logav_sample_fmt_is_planar
                                                                            • String ID:
                                                                            • API String ID: 1741793059-0
                                                                            • Opcode ID: 5f9c736c55c51c0448996e1834cac8009cd8094c6cea8c5c45183c0897257ebe
                                                                            • Instruction ID: 13366518dfceceb957286268595426cb99a2b5024d6e1505fcbb52863d0519be
                                                                            • Opcode Fuzzy Hash: 5f9c736c55c51c0448996e1834cac8009cd8094c6cea8c5c45183c0897257ebe
                                                                            • Instruction Fuzzy Hash: 8F918522B08A42CAFB55BE37910077A62D5BFA5BA4F4445B1EE4D772A5EE3CE401C700
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID:
                                                                            • API String ID: 2943138195-0
                                                                            • Opcode ID: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
                                                                            • Instruction ID: fd396987bfdf91d2f7ebe79ff7430d320c2fc1b0a5a44670f89314e40540ed16
                                                                            • Opcode Fuzzy Hash: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
                                                                            • Instruction Fuzzy Hash: 8AF17F72B08A829EF720EF66E8901EC77B0EBA475CB444076EA4D67AA5DF38D515C340
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
                                                                            • API String ID: 2943138195-2309034085
                                                                            • Opcode ID: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
                                                                            • Instruction ID: b2702936814bdb95ab967bc5a7b1c9d81f7668a51a5d1d810711df2631f7237e
                                                                            • Opcode Fuzzy Hash: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
                                                                            • Instruction Fuzzy Hash: 25E14D72E08E128CFB34BB66ED941BC27A0AFA5764F5401B5DA1D36AB9DE7CA504C240
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strlen$strchrstrtoul
                                                                            • String ID: 0123456789ABCDEFabcdef$Cannot find color '%s'$Invalid 0xRRGGBB[AA] color string: '%s'$Invalid alpha value specifier '%s' in '%s'$bikeshed$random
                                                                            • API String ID: 643661298-1323625105
                                                                            • Opcode ID: 05b314dcd31ff43a5f327d01538bb3f4bf05cbc92719439464dceff93f7a60bd
                                                                            • Instruction ID: c88350d7ec67a90cd7772021e131fe45d868683ca15b0e749d82c1162e440cff
                                                                            • Opcode Fuzzy Hash: 05b314dcd31ff43a5f327d01538bb3f4bf05cbc92719439464dceff93f7a60bd
                                                                            • Instruction Fuzzy Hash: 75710512B3F68344FBA99B619431B7A6691AFC17C1F448232D96E177FDDEACE4408300
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Console$getenv$AttributeBufferHandleInfoModeScreenText
                                                                            • String ID: 256color$AV_LOG_FORCE_256COLOR$AV_LOG_FORCE_COLOR$AV_LOG_FORCE_NOCOLOR$TERM
                                                                            • API String ID: 250312076-468416034
                                                                            • Opcode ID: 01025577c71988898b66c8b0eb027abf6c2326527978ea750917b74e8b6462d0
                                                                            • Instruction ID: 61f586c10668da1831e81a2ee5ab2111e1b0a70afe93df6994680860045cd083
                                                                            • Opcode Fuzzy Hash: 01025577c71988898b66c8b0eb027abf6c2326527978ea750917b74e8b6462d0
                                                                            • Instruction Fuzzy Hash: C3715A61F2F60385FB659B95A874AB92290AF81774F980335CD7D432F9EF3CE4458240
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1903060811.00007FF63DD90000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903107554.00007FF63DD95000.00000004.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903135413.00007FF63DD96000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903225542.00007FF63DD99000.00000002.00000001.01000000.00000007.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: __acrt_iob_funcav_content_light_metadata_allocav_mastering_display_metadata_allocav_memdupav_stream_add_side_dataavcodec_alloc_context3avcodec_descriptor_get_by_name
                                                                            • String ID: 2$Couldn't find codec '%s'$E
                                                                            • API String ID: 3726879996-2734579634
                                                                            • Opcode ID: 984bf621481a9a25f05ee9f8f0874bf5fd16c3df77fd558344dbfddc274f0f6a
                                                                            • Instruction ID: 9cc73a674856cde0e73cc8d091a0000984460e0bab9cba2bdb3f67e93a00c334
                                                                            • Opcode Fuzzy Hash: 984bf621481a9a25f05ee9f8f0874bf5fd16c3df77fd558344dbfddc274f0f6a
                                                                            • Instruction Fuzzy Hash: 8681E276609784CBD754CF65E55025EBBB0F789B88F10412AEB8C87B58EB7AD858CB00
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1903060811.00007FF63DD90000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903107554.00007FF63DD95000.00000004.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903135413.00007FF63DD96000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903225542.00007FF63DD99000.00000002.00000001.01000000.00000007.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: __acrt_iob_func$avcodec_descriptor_get_by_nameavcodec_find_encoder
                                                                            • String ID: Couldn't find codec '%s'$Couldn't find codec descriptor '%s'$title
                                                                            • API String ID: 3715327632-3279048111
                                                                            • Opcode ID: c9720edbb9d548ebec2452977bce4eb4d803eed367fb80ba86fd3ea18017a218
                                                                            • Instruction ID: 847f8ad1d060f241eddebd757c465061bfb49c6646eac616cfd8d7034fe22b47
                                                                            • Opcode Fuzzy Hash: c9720edbb9d548ebec2452977bce4eb4d803eed367fb80ba86fd3ea18017a218
                                                                            • Instruction Fuzzy Hash: A461AE32605B8986D704CF56E5A03AD77A0FB88B94F454235DF4E87794EF39E069C700
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free
                                                                            • String ID:
                                                                            • API String ID: 2229574080-0
                                                                            • Opcode ID: 9507d53f166a1d0254cdadf622783abd4b684d210657e614246861b7e6ebef3c
                                                                            • Instruction ID: 01cc7f04214584f0b967c93c193735f8171290d934d277a58a9fee8518c9a326
                                                                            • Opcode Fuzzy Hash: 9507d53f166a1d0254cdadf622783abd4b684d210657e614246861b7e6ebef3c
                                                                            • Instruction Fuzzy Hash: 1D411E19B1E46380DB09EB62D876D7B1755AF89FC0B0A8839DE6D4B3E6CE38D4458380
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1903060811.00007FF63DD90000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903107554.00007FF63DD95000.00000004.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903135413.00007FF63DD96000.00000002.00000001.01000000.00000007.sdmp
                                                                            • Associated: 0000000A.00000002.1903225542.00007FF63DD99000.00000002.00000001.01000000.00000007.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: bfreefreeos_event_destroy$av_packet_freeav_write_traileros_event_signalpthread_joinpthread_mutex_destroypthread_mutex_lockpthread_mutex_unlock
                                                                            • String ID:
                                                                            • API String ID: 3736584056-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Frame$BlockEstablisherHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                            • String ID: csm$csm$csm
                                                                            • API String ID: 3436797354-393685449
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy$av_callocav_freep
                                                                            • String ID: !c->frac && !c->dst_incr_mod$Assertion %s failed at %s:%d$src/libswresample/resample.c
                                                                            • API String ID: 1182148616-608564573
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memcmpstrlen
                                                                            • String ID: mono
                                                                            • API String ID: 3108337309-2381334079
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abortav_log$av_freep
                                                                            • String ID: Assertion %s failed at %s:%d$a->bps$a->ch_count$src/libswresample/swresample.c
                                                                            • API String ID: 2329147549-2798989596
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free$strlen$memcpy$_aligned_realloc
                                                                            • String ID: %lld
                                                                            • API String ID: 3853940031-1962030014
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CreateEventSleep
                                                                            • String ID:
                                                                            • API String ID: 3100162736-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abortav_freepav_log
                                                                            • String ID: ?$Assertion %s failed at %s:%d$s->dither.noise.ch_count == preout->ch_count$s->in.planar$s->midbuf.ch_count == s->out.ch_count$s->midbuf.ch_count == s->used_ch_layout.nb_channels$src/libswresample/swresample.c
                                                                            • API String ID: 3736396223-3190629393
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                            • API String ID: 0-3207858774
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: -
                                                                            • API String ID: 2918714741-2547889144
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: -$ambisonic
                                                                            • API String ID: 2918714741-2876420257
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+$Name::operator+=
                                                                            • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                            • API String ID: 179159573-1464470183
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free$strlenstrspn
                                                                            • String ID: Key '%s' not found.$Missing key or no key/value separator found after key '%s'$Setting entry with key '%s' to value '%s'
                                                                            • API String ID: 1832283230-2858522012
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp
                                                                            • String ID: %-15s $ %s%-17s $ %s$ (default $ (from $ I$ to $%-12s $%c%c%c%c%c%c%c%c%c%c%c
                                                                            • API String ID: 1004003707-1704579004
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free$strlenstrspn
                                                                            • String ID:
                                                                            • API String ID: 1832283230-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID:
                                                                            • API String ID: 2943138195-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free
                                                                            • String ID:
                                                                            • API String ID: 2229574080-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Value
                                                                            • String ID:
                                                                            • API String ID: 3702945584-0
                                                                            APIs
                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD9204A
                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD92065
                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD92080
                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD9209B
                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD920B6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strncmp
                                                                            • String ID: http$rist$srt$tcp$udp
                                                                            • API String ID: 1114863663-504309389
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Assertion %s failed at %s:%d$s-> in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || in ->ch_count == s->in_ch_layout.nb_channels$s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC || out->ch_count == s->out_ch_layout.nb_channels$src/libswresample/rematrix.c
                                                                            • API String ID: 0-729179064
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                            • String ID: csm$csm$csm
                                                                            • API String ID: 211107550-393685449
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy
                                                                            • String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
                                                                            • API String ID: 3510742995-882259572
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy$abort
                                                                            • String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$av_image_get_linesize failed$src/libavutil/imgutils.c
                                                                            • API String ID: 3629556515-882259572
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free$strspn$memcpystrchr
                                                                            • String ID: No option name near '%s'$Option '%s' not found$Setting '%s' to value '%s'$Unable to parse '%s': %s
                                                                            • API String ID: 2931229598-2003673103
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: !"valid element size"$. -_$Assertion %s failed at %s:%d$D$[%d]$src/libavutil/utils.c
                                                                            • API String ID: 4206212132-1952739643
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                            • API String ID: 2943138195-2239912363
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abortav_logmemcpy
                                                                            • String ID: Assertion %s failed at %s:%d$out->bps == in->bps$out->ch_count == in->ch_count$out->planar == in->planar$src/libswresample/swresample.c
                                                                            • API String ID: 2496068414-3511948170
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                            • String ID:
                                                                            • API String ID: 349153199-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free
                                                                            • String ID:
                                                                            • API String ID: 2229574080-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free
                                                                            • String ID:
                                                                            • API String ID: 2229574080-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp
                                                                            • String ID: %-15s $%lld$I64_MAX$I64_MIN$INT_MAX$INT_MIN$UINT32_MAX
                                                                            • API String ID: 1004003707-1419900426
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memcpypthread_mutex_lockpthread_mutex_unlock$os_event_resetos_event_signalos_event_wait
                                                                            • String ID:
                                                                            • API String ID: 2918620995-0
                                                                            APIs
                                                                              • Part of subcall function 00007FFDFB977B90: EnterCriticalSection.KERNEL32(?,?,?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977BB6
                                                                              • Part of subcall function 00007FFDFB977B90: LeaveCriticalSection.KERNEL32(?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977BDB
                                                                            • TryEnterCriticalSection.KERNEL32 ref: 00007FFDFB977CB0
                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977CF8
                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977D02
                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FFDFB977D07
                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977D17
                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977D1C
                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,00007FFDFB901817), ref: 00007FFDFB977D23
                                                                            • free.MSVCRT ref: 00007FFDFB977D28
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalSection$Delete$CloseEnterHandleLeave$free
                                                                            • String ID:
                                                                            • API String ID: 3899327206-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: __p___argc__p___wargv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_release_startup_lock_cexit_exit_get_initial_wide_environment_register_thread_local_exe_atexit_callback
                                                                            • String ID:
                                                                            • API String ID: 1184979102-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: QueryVirtual
                                                                            • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                            • API String ID: 1804819252-1534286854
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                            • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                            • API String ID: 1852475696-928371585
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+$Name::operator+=
                                                                            • String ID: {for
                                                                            • API String ID: 179159573-864106941
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: FreeLibraryfree
                                                                            • String ID: -> %s: %s$%s failed$Calling %s$cu->cuCtxDestroy(hwctx->cuda_ctx)$cu->cuDevicePrimaryCtxRelease(hwctx->internal->cuda_device)
                                                                            • API String ID: 155010425-3275200884
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_freep$abortav_logmemcpy
                                                                            • String ID: Assertion %s failed at %s:%d$a->planar$src/libswresample/resample.c
                                                                            • API String ID: 932020481-1037444191
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strspn$memcpystrchr
                                                                            • String ID: $ambisonic
                                                                            • API String ID: 2918080867-3257024572
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno$_sopenrandstrlen
                                                                            • String ID: XXXX$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                            • API String ID: 1081397658-1416102993
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFE13226A6B,?,?,00000000,00007FFE1322689C,?,?,?,?,00007FFE132265E5), ref: 00007FFE13226931
                                                                            • GetLastError.KERNEL32(?,?,?,00007FFE13226A6B,?,?,00000000,00007FFE1322689C,?,?,?,?,00007FFE132265E5), ref: 00007FFE1322693F
                                                                            • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE13226A6B,?,?,00000000,00007FFE1322689C,?,?,?,?,00007FFE132265E5), ref: 00007FFE13226958
                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFE13226A6B,?,?,00000000,00007FFE1322689C,?,?,?,?,00007FFE132265E5), ref: 00007FFE1322696A
                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FFE13226A6B,?,?,00000000,00007FFE1322689C,?,?,?,?,00007FFE132265E5), ref: 00007FFE132269B0
                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FFE13226A6B,?,?,00000000,00007FFE1322689C,?,?,?,?,00007FFE132265E5), ref: 00007FFE132269BC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                            • String ID: api-ms-
                                                                            • API String ID: 916704608-2084034818
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free$memcpy
                                                                            • String ID:
                                                                            • API String ID: 2399556850-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort$AdjustPointer
                                                                            • String ID:
                                                                            • API String ID: 1501936508-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort$AdjustPointer
                                                                            • String ID:
                                                                            • API String ID: 1501936508-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentPerformanceProcessQueryThreadTimeTimes$CounterFileFrequencySystem_errno
                                                                            • String ID:
                                                                            • API String ID: 3786581644-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp
                                                                            • String ID: %s%s$bgr32$bgra$rgb32$rgba$yuv420p
                                                                            • API String ID: 1004003707-3566121812
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Assertion %s failed at %s:%d$src/libavutil/avstring.c$tail_len <= 5
                                                                            • API String ID: 0-789252298
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Assertion %s failed at %s:%d$Failed to map frame into derived frame context: %d.$Invalid mapping found when attempting unmap.$orig_dst_frames == ((void *)0) || orig_dst_frames == dst->hw_frames_ctx$src/libavutil/hwcontext.c
                                                                            • API String ID: 0-1886799933
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmpstrcpystrlen
                                                                            • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $debug
                                                                            • API String ID: 895318938-486550452
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmpstrcpystrlen
                                                                            • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $trace
                                                                            • API String ID: 895318938-1090435506
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmpstrcpystrlen
                                                                            • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $fatal
                                                                            • API String ID: 895318938-1232420508
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp, strcpy, strlen
                                                                            • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $error
                                                                            • API String ID: 895318938-746115170
                                                                            • Opcode ID: 290f8d961d26d619dfad9ec8fbf528cba7d9e151612daada1adc1da91ff29958
                                                                            • Instruction ID: cbab6cad197e1ea616dda5965330eb411299dee54656904c61d91c858adfd4fb
                                                                            • Opcode Fuzzy Hash: 290f8d961d26d619dfad9ec8fbf528cba7d9e151612daada1adc1da91ff29958
                                                                            • Instruction Fuzzy Hash: 7D618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp, strcpy, strlen
                                                                            • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $panic
                                                                            • API String ID: 895318938-4009946497
                                                                            • Opcode ID: 76949ceaf3e161934144b751887d61ea7784a81ae46f4df191c02a4c19fb6b98
                                                                            • Instruction ID: 32246d6f6d43e80a261301f06fc653013e70e722398bc7607af809a6b7e77835
                                                                            • Opcode Fuzzy Hash: 76949ceaf3e161934144b751887d61ea7784a81ae46f4df191c02a4c19fb6b98
                                                                            • Instruction Fuzzy Hash: F6618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp, strcpy, strlen
                                                                            • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $warning
                                                                            • API String ID: 895318938-1705345410
                                                                            • Opcode ID: 08d12eebc39462adb75762280ad986e564744e38b177ed1b8a4005c961454d7e
                                                                            • Instruction ID: 43b46f5a44385d0a4bbeda447f6a93e47364905cb6a1aae0809fd44f030648ce
                                                                            • Opcode Fuzzy Hash: 08d12eebc39462adb75762280ad986e564744e38b177ed1b8a4005c961454d7e
                                                                            • Instruction Fuzzy Hash: 95618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp, strcpy, strlen
                                                                            • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $info
                                                                            • API String ID: 895318938-3747654419
                                                                            • Opcode ID: 94470c2433cdf86f563b52056e8aa694089832e0010874791d716f3e200e382d
                                                                            • Instruction ID: c6470864301b3de7ed2b61c0db30539d419efec3f6f201e08c1716e61b7681ef
                                                                            • Opcode Fuzzy Hash: 94470c2433cdf86f563b52056e8aa694089832e0010874791d716f3e200e382d
                                                                            • Instruction Fuzzy Hash: 82618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp, strcpy, strlen
                                                                            • String ID: Last message repeated %d times$%s%s%s%s$?$[%s] $verbose
                                                                            • API String ID: 895318938-125437466
                                                                            • Opcode ID: a2fd106a1c9acae8677d10434890b9ef8f33735a9d1e14c72d708d45250e3eb7
                                                                            • Instruction ID: a9dd3c5b71815268d45f990f785eea151b45a7b42add12a36253db6509128961
                                                                            • Opcode Fuzzy Hash: a2fd106a1c9acae8677d10434890b9ef8f33735a9d1e14c72d708d45250e3eb7
                                                                            • Instruction Fuzzy Hash: 22618161B1E68745EB689B91A430BFE6791BFC2744F844036EAAD172EEDE3DE404C740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: FileHeader_local_unwind
                                                                            • String ID: MOC$RCC$csm$csm
                                                                            • API String ID: 2627209546-1441736206
                                                                            • Opcode ID: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
                                                                            • Instruction ID: 1b6b26d70ced6109f55435e437b48a6943e5a046a0315d6f5da74e1e0a6b3225
                                                                            • Opcode Fuzzy Hash: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
                                                                            • Instruction Fuzzy Hash: 2C517372A09E518EE670BF27A841379B6A0FFE4B64F644071EA4E66365DF3CE441C601
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: NameName::atol
                                                                            • String ID: `template-parameter$void
                                                                            • API String ID: 2130343216-4057429177
                                                                            • Opcode ID: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
                                                                            • Instruction ID: ebc32358b45517d600b1e97263b38a48c8c29044b2af60ebe9dfe90e9c6c0c7e
                                                                            • Opcode Fuzzy Hash: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
                                                                            • Instruction Fuzzy Hash: 35414B22F08F558CFB20ABA6EC512FC6371BBA8BA4F541175DE0D26A65DF7CA505C340
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                            • API String ID: 2943138195-2211150622
                                                                            • Opcode ID: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
                                                                            • Instruction ID: 2d7d44482f11391d76cef7b1bc8a0d176e6698f3a7d8553bc155cf545ec38924
                                                                            • Opcode Fuzzy Hash: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
                                                                            • Instruction Fuzzy Hash: 95414A72E08F5A8CFB219B26EC801BC7BA4BBA8728F444171EA4D22364DF7CE544C740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: char $int $long $short $unsigned
                                                                            • API String ID: 2943138195-3894466517
                                                                            • Opcode ID: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
                                                                            • Instruction ID: 607b3d4f79608c8733bc749e2e7be4dc63ee9330027afced9052e6f01b6276d7
                                                                            • Opcode Fuzzy Hash: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
                                                                            • Instruction Fuzzy Hash: 53415B32A18E568DFB21AF6AE8845BC37A1BBA9764F448175DE0C26B68DF3CD544C700
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp
                                                                            • String ID: AMBI$R$S$U
                                                                            • API String ID: 1004003707-1923686996
                                                                            • Opcode ID: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
                                                                            • Instruction ID: 5bc7cab341e6fe0bd1e6b8a78b1950acb11c08440f6db8fed2fc7f117ccd3ab0
                                                                            • Opcode Fuzzy Hash: 2c03c1ff48f72caf1a01bafe690d171ef4b5263fdc57e4468dab7bf39da5722a
                                                                            • Instruction Fuzzy Hash: F2219493B2A54355FB218B28B820AB51750AB813AAF889472DF2D065FDEE7CD584C304
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: memcpy
                                                                            • String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
                                                                            • API String ID: 3510742995-1436408019
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Unable to parse option value "%s" as boolean$auto$false,n,no,disable,disabled,off$true,y,yes,enable,enabled,on
                                                                            • API String ID: 0-3796170252
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errnostrlen
                                                                            • String ID: ./%sXXXXXX$/tmp/%sXXXXXX$ff_tempfile: Cannot allocate file name$ff_tempfile: Cannot open temporary file %s
                                                                            • API String ID: 860928405-2152079688
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abortmemcpy
                                                                            • String ID: ((dst_linesize) >= 0 ? (dst_linesize) : (-(dst_linesize))) >= bytewidth$((src_linesize) >= 0 ? (src_linesize) : (-(src_linesize))) >= bytewidth$Assertion %s failed at %s:%d$src/libavutil/imgutils.c
                                                                            • API String ID: 985927305-1436408019
                                                                            APIs
                                                                            • avcodec_free_context.AVCODEC-60 ref: 00007FF63DD92388
                                                                            • avformat_free_context.AVFORMAT-60 ref: 00007FF63DD923CC
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD9204A
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD92065
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD92080
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD9209B
                                                                              • Part of subcall function 00007FF63DD92030: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63DD923A2), ref: 00007FF63DD920B6
                                                                            • av_free.AVUTIL-58 ref: 00007FF63DD923B1
                                                                            • avio_context_free.AVFORMAT-60 ref: 00007FF63DD923BD
                                                                            • avio_close.AVFORMAT-60 ref: 00007FF63DD923C4
                                                                            • avcodec_free_context.AVCODEC-60 ref: 00007FF63DD92402
                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF63DD92415
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ff63dd90000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strncmp$avcodec_free_context$av_freeavformat_free_contextavio_closeavio_context_freefree
                                                                            • String ID:
                                                                            • API String ID: 1086289117-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CloseHandleValue$_endthreadexlongjmp
                                                                            • String ID:
                                                                            • API String ID: 3990644698-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$av_crc_init(av_crc_table[AV_CRC_16_ANSI_LE], 1, 16, 0xA001, sizeof(av_crc_table[AV_CRC_16_ANSI_LE])) >= 0$av_crc_init(av_crc_table[AV_CRC_32_IEEE_LE], 1, 32, 0xEDB88320, sizeof(av_crc_table[AV_CRC_32_IEEE_LE])) >= 0$src/libavutil/crc.c
                                                                            • API String ID: 4206212132-3869419772
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strlen
                                                                            • String ID: %d.%06d$%d:%02d.%06d$%lld:%02d:%02d.%06d$INT64_MAX$INT64_MIN
                                                                            • API String ID: 39653677-2240581584
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno$free
                                                                            • String ID:
                                                                            • API String ID: 4247730083-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                            • String ID:
                                                                            • API String ID: 3741236498-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Current$ProcessThread$DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 4285418203-0
                                                                            • Opcode ID: 122369a1c330d7f29e53f35644df85b62e1c336a8a69c3fc79a39b0e983c8277
                                                                            • Instruction ID: b1f44bf403e018a73b23fbe0a72eb95362315d1b7a4047c837f631284141bfc0
                                                                            • Opcode Fuzzy Hash: 122369a1c330d7f29e53f35644df85b62e1c336a8a69c3fc79a39b0e983c8277
                                                                            • Instruction Fuzzy Hash: 23316271A0CFC186E7219F22A8012BAB7B0FB45FA4F0555B6DA9D07665DF3CE1A58700
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908785930.00007FFE1A460000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908817635.00007FFE1A468000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908834726.00007FFE1A46C000.00000002.00000001.01000000.0000000B.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Process_errno$CloseCurrentErrorHandleLastOpen
                                                                            • String ID:
                                                                            • API String ID: 3861255796-0
                                                                            • Opcode ID: e8f9237df677979dc71b34d724e04c16cd4c67e5f51f945e8c435fea502eb581
                                                                            • Instruction ID: e627532b1f5ce1a1aa5263a605d84bf8f0c62fd28a8bcd722247fa608687a6f9
                                                                            • Opcode Fuzzy Hash: e8f9237df677979dc71b34d724e04c16cd4c67e5f51f945e8c435fea502eb581
                                                                            • Instruction Fuzzy Hash: 2B015261B08E0282FB554F6AB48423962B1EF89F70F4545B9DA3E477A5DF3CD8A04740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strftimestrlen
                                                                            • String ID: [truncated strftime output]
                                                                            • API String ID: 1668665056-4273287863
                                                                            • Opcode ID: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
                                                                            • Instruction ID: 7836559ade3b776687347c0c45532b781f126a0bbcee1e26af87f8d34f6f95ef
                                                                            • Opcode Fuzzy Hash: 48fee134cde3df212bc8b5240acc974637bc91c92b5dcb55f0befaaa1fd8cc70
                                                                            • Instruction Fuzzy Hash: 5471D7F2B6665346DB15CF29D8A893D2391ABC8794F558236DE39833E8DE3CE845C304
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort$CallEncodePointerTranslator
                                                                            • String ID: MOC$RCC
                                                                            • API String ID: 2889003569-2084237596
                                                                            • Opcode ID: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
                                                                            • Instruction ID: b8595aba6f039ee58d7962536fe63fdbe35309bb5c9f37c5bf8db9fa9943375a
                                                                            • Opcode Fuzzy Hash: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
                                                                            • Instruction Fuzzy Hash: AD915E73A08B858AE720DB66E8802ED7BA0F794798F14417AEF8D27765DF38D195C700
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_freememset
                                                                            • String ID: Formats with a palette require a minimum alignment of 4$Picture size %ux%u is invalid
                                                                            • API String ID: 4139559148-2772728507
                                                                            • Opcode ID: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
                                                                            • Instruction ID: 763a2fde17705e32279c0dde3cde5813f07f5f31653d04afbc70f2336a386c15
                                                                            • Opcode Fuzzy Hash: d2bce35dc7bea88bc8b002da499a7abb22af52d3ac8cced75f3b84996035a56c
                                                                            • Instruction Fuzzy Hash: 19610562B2A68346EB189B95D821B7D6A92BFC57D4F048135DE6E477FCDF3CE4008600
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CreateEventSleepabort
                                                                            • String ID: Assertion %s failed at %s:%d$j$nb_threads >= 0$src/libavutil/slicethread.c
                                                                            • API String ID: 723382662-4085466978
                                                                            • Opcode ID: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
                                                                            • Instruction ID: d098ef66ee80122a5fc67c71903d5847f9fbaaee92ffa245bbb4a58ca2525dca
                                                                            • Opcode Fuzzy Hash: 0dd97ee1e1389a45ab9eeccc6ffecfb3266947cce79cf5f2d17546453878bf81
                                                                            • Instruction Fuzzy Hash: B971B476B0A78385E7249B21E560BAA72E1FF84784F184131EEAD477E9DF3CE4508740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                            • API String ID: 2943138195-757766384
                                                                            • Opcode ID: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
                                                                            • Instruction ID: be99dd8f957e98a0d0e2f6a9453ed1219838a879f391db309b05c7be6fcb4f08
                                                                            • Opcode Fuzzy Hash: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
                                                                            • Instruction Fuzzy Hash: 77716F71A08F468CEB34AF26ED811BC67A4BBA97A4F4445B5DA4D27A79DF3CE150C300
                                                                            APIs
                                                                            Strings
                                                                            • Requested noise shaping dither not available at this sampling rate, using triangular hp dither, xrefs: 00007FFE132538BF
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908661283.00007FFE13240000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908699278.00007FFE13259000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908719036.00007FFE13262000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908735260.00007FFE13263000.00000004.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908750918.00007FFE13266000.00000008.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908767541.00007FFE13267000.00000002.00000001.01000000.0000000C.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_get_packed_sample_fmt$av_get_bytes_per_sampleav_log
                                                                            • String ID: Requested noise shaping dither not available at this sampling rate, using triangular hp dither
                                                                            • API String ID: 3201340904-3665241142
                                                                            • Opcode ID: 3aabd3796ad4e8e3c28a21a01194fa0efc64d4ec367513780e46d480d1dae623
                                                                            • Instruction ID: 3d1f7038e5f281c5ad01139f46747a0826f367e084e482ce77bf8d092a81db49
                                                                            • Opcode Fuzzy Hash: 3aabd3796ad4e8e3c28a21a01194fa0efc64d4ec367513780e46d480d1dae623
                                                                            • Instruction Fuzzy Hash: C86138B2D18E454DE356EB3685013F96291BFF97A4F049371DA0E762A0FF3CA685C600
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort$CallEncodePointerTranslator
                                                                            • String ID: MOC$RCC
                                                                            • API String ID: 2889003569-2084237596
                                                                            • Opcode ID: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
                                                                            • Instruction ID: bcbabd47ddb5ba41307e29859710050f9236efd79a92a910656bbefb286702ee
                                                                            • Opcode Fuzzy Hash: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
                                                                            • Instruction Fuzzy Hash: 54614B73A08F858AEB249F66E8403AD77A0F794BA8F144165EF4D27B68CF38E055C700
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: exp
                                                                            • API String ID: 2918714741-113136155
                                                                            • Opcode ID: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
                                                                            • Instruction ID: 87876ba138dcc1afdd08fae46bc2e03238421b7544f6f7422257ed2d873e4149
                                                                            • Opcode Fuzzy Hash: e90ec1942e2a92b2f1d0ed0121cc3710e2463ace097223b5873384d11cd1195e
                                                                            • Instruction Fuzzy Hash: AB51FA52F0DA8686E7025B34E82127A7364FF96344F50E321EA9D345EEFF2DE5948A40
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908661283.00007FFE13240000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908699278.00007FFE13259000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908719036.00007FFE13262000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908735260.00007FFE13263000.00000004.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908750918.00007FFE13266000.00000008.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908767541.00007FFE13267000.00000002.00000001.01000000.0000000C.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: exp
                                                                            • API String ID: 2918714741-113136155
                                                                            • Opcode ID: e892162a4feb91c5f06d0adc05f7b2a5d8b4b961a27d821f26560dc97cede207
                                                                            • Instruction ID: 5a398edf0f660ecbe682aa4d00efe096b83a6c2e427cfe37ae87033e15e1e96f
                                                                            • Opcode Fuzzy Hash: e892162a4feb91c5f06d0adc05f7b2a5d8b4b961a27d821f26560dc97cede207
                                                                            • Instruction Fuzzy Hash: 0851F692D0CE8586E6026B35D8122BB6320FFE5354F40E361EB89305A6FF2DE6C5CA40
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Assertion %s failed at %s:%d$pool->alloc || pool->alloc2$src/libavutil/buffer.c
                                                                            • API String ID: 0-4265094632
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$duration >= 0$in_ts != ((int64_t)0x8000000000000000ULL)$src/libavutil/mathematics.c
                                                                            • API String ID: 4206212132-3367517387
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: !dual_stride || !(dual_stride & (dual_stride - 1))$Assertion %s failed at %s:%d$dual_stride <= basis$src/libavutil/tx.c
                                                                            • API String ID: 4206212132-1907613106
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp
                                                                            • String ID: none$ntsc
                                                                            • API String ID: 1004003707-2486863473
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentDebugOutputStringThread_ultoaabort
                                                                            • String ID: Error cleaning up spin_keys for thread
                                                                            • API String ID: 4191895893-2906507043
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: ObjectSingleWait
                                                                            • String ID:
                                                                            • API String ID: 24740636-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Wait$ObjectSingle$EventMultipleObjectsReset
                                                                            • String ID:
                                                                            • API String ID: 654736092-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentThread
                                                                            • String ID:
                                                                            • API String ID: 2882836952-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: NameName::$Name::operator+
                                                                            • String ID:
                                                                            • API String ID: 826178784-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strcmp
                                                                            • String ID: %-15s $auto$false$true
                                                                            • API String ID: 1004003707-1025821387
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalSection$Leave$EnterReleaseSemaphore
                                                                            • String ID:
                                                                            • API String ID: 2813224205-0
                                                                            • Opcode ID: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
                                                                            • Instruction ID: 021b29ba4a2d4bed8407c5c7b2d74f39bd7c1ac55e551d8076b5da1b3f17f2ee
                                                                            • Opcode Fuzzy Hash: f1a7a2740e80d1d3259fae1787131c9bb634157a3b26bf56fc66d50a79331669
                                                                            • Instruction Fuzzy Hash: 4D01F963F0611742E7458B277CA5A75A281BF997A6F948976CD2D427E4DD3CD8C28300
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908661283.00007FFE13240000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908699278.00007FFE13259000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908719036.00007FFE13262000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908735260.00007FFE13263000.00000004.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908750918.00007FFE13266000.00000008.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908767541.00007FFE13267000.00000002.00000001.01000000.0000000C.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_channel_layout_subset
                                                                            • String ID:
                                                                            • API String ID: 2965862492-0
                                                                            • Opcode ID: ffdd762dd7e7d539b56224ab97a8e7a7bb2a5354903c6b430eecf0b001850afc
                                                                            • Instruction ID: e942ca1333e7436d66f980928b3e767b1c6018aaa8736aac003cc6dc8c6bbd47
                                                                            • Opcode Fuzzy Hash: ffdd762dd7e7d539b56224ab97a8e7a7bb2a5354903c6b430eecf0b001850afc
                                                                            • Instruction Fuzzy Hash: 29118EC2B5BB0288FE567A2240453B902C15FF5760E58A678CA0E2A3D4FE2CEB04C210
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908785930.00007FFE1A460000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908817635.00007FFE1A468000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908834726.00007FFE1A46C000.00000002.00000001.01000000.0000000B.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Process$CloseCurrentErrorHandleLastOpen_errno
                                                                            • String ID:
                                                                            • API String ID: 202612177-0
                                                                            • Opcode ID: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
                                                                            • Instruction ID: 4f9c7a8b8c7bd8b30093cf0a99f1978223d454eef5aab8f5f23f8a5f8941c36c
                                                                            • Opcode Fuzzy Hash: 59d5a97e427603bb888d026b8b2610f650cbaf0f5f7bb9ca25a91e49a38cba3c
                                                                            • Instruction Fuzzy Hash: 13F0F4A0B09A0646FB195BB7549423422A1AF48F36F4544F9C93D477A0DF2C58E54751
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_freestrlen
                                                                            • String ID: Invalid chars '%s' at the end of expression '%s'$d
                                                                            • API String ID: 1887580107-3215087449
                                                                            • Opcode ID: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
                                                                            • Instruction ID: 1651ec12c8e2c22abe374865c745da6a0b87b6a34963d41342b528a3d4c814e6
                                                                            • Opcode Fuzzy Hash: 5a1976bc1fae1619cc5837e51ad9f9ceb58bf78b7d192d9c0debe48df1a25819
                                                                            • Instruction Fuzzy Hash: 13E12C2672AA4781DB10EB16E4A0AAA6770FFC9B90F140132EB9D477FADF39D441C740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908661283.00007FFE13240000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908699278.00007FFE13259000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908719036.00007FFE13262000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908735260.00007FFE13263000.00000004.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908750918.00007FFE13266000.00000008.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908767541.00007FFE13267000.00000002.00000001.01000000.0000000C.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$ctx->channels == out->ch_count$src/libswresample/audioconvert.c
                                                                            • API String ID: 4206212132-1145592257
                                                                            • Opcode ID: 866e3859ebfbb8229919b961fbf36017d54387b83d359a5ec9b00af1929c4d7d
                                                                            • Instruction ID: a07320e10aeaf99812efda382d397f4830ad406f8ee4734befbdd1c77938d569
                                                                            • Opcode Fuzzy Hash: 866e3859ebfbb8229919b961fbf36017d54387b83d359a5ec9b00af1929c4d7d
                                                                            • Instruction Fuzzy Hash: 5361C272B19A06CAEA28EA07D444B7A6295FFF4BA4F458175CF4D177A4EE3CE450C700
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908661283.00007FFE13240000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908699278.00007FFE13259000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908719036.00007FFE13262000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908735260.00007FFE13263000.00000004.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908750918.00007FFE13266000.00000008.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908767541.00007FFE13267000.00000002.00000001.01000000.0000000C.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Failed to compensate for timestamp delta of %f$compensating audio timestamp drift:%f compensation:%d in:%d
                                                                            • API String ID: 0-3137371971
                                                                            • Opcode ID: 9453577323ccaac385d38161161e3fdd902f05c07b8afe89a999298048375f23
                                                                            • Instruction ID: dd905e540f43548d0d6cc7f735496ba089043be4e5423fcc437cce8cccf41928
                                                                            • Opcode Fuzzy Hash: 9453577323ccaac385d38161161e3fdd902f05c07b8afe89a999298048375f23
                                                                            • Instruction Fuzzy Hash: 3E714922E19F9AC9E712AE3744013796260AFE5FD4F089372DD4E777A4EF38A541C200
                                                                            APIs
                                                                              • Part of subcall function 00007FFE13226710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1322239E), ref: 00007FFE1322671E
                                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE132241C3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: $csm$csm
                                                                            • API String ID: 4206212132-1512788406
                                                                            • Opcode ID: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
                                                                            • Instruction ID: 4a05172f3f2e21d109d2654aefd1aff5fee617e9d72fdb39c4d289022dcbcbbe
                                                                            • Opcode Fuzzy Hash: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
                                                                            • Instruction Fuzzy Hash: 05719232508A918AD7749F13E8407B97BB0FBA4FA4F148275DF8C27AA9CB2CD591C741
                                                                            APIs
                                                                              • Part of subcall function 00007FFE13226710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1322239E), ref: 00007FFE1322671E
                                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE13223F13
                                                                            • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE13223F23
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                            • String ID: csm$csm
                                                                            • API String ID: 4108983575-3733052814
                                                                            • Opcode ID: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
                                                                            • Instruction ID: 9a4eb5bd61afc291cb8c0a9423d231502cf4c3e3944cab04454ebca2d456c49e
                                                                            • Opcode Fuzzy Hash: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
                                                                            • Instruction Fuzzy Hash: C5517432908A428AEB74AF17B94427876A0FBE4BA4F144176DB8D67BE5CF3CE550C700
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$nb_jobs > 0$src/libavutil/slicethread.c
                                                                            • API String ID: 4206212132-1031856425
                                                                            • Opcode ID: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
                                                                            • Instruction ID: 8166d3d74a71c78f03f907fc5b2e77c1a91fd629cf3880120828cfe648381d13
                                                                            • Opcode Fuzzy Hash: 6ee0518d565bae88eeec7544e1c0ff8f03f36ef7bb88ca07a7aea4a2878acd5c
                                                                            • Instruction Fuzzy Hash: 4741C637B0660286EB24CF26E850A6A77A1FB84B98F5C8135DE5D036A8DF3DE442C740
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strspn$strlen
                                                                            • String ID:
                                                                            • API String ID: 697951671-596783616
                                                                            • Opcode ID: c2f3e75c8f79a9c271b989593eea45416c26161b9ab45691b9c7843e23effee5
                                                                            • Instruction ID: 6529ce789c8628fb1e252f4d57388c30d4f2e7d5bca6b04864f93f30f0174d3b
                                                                            • Opcode Fuzzy Hash: c2f3e75c8f79a9c271b989593eea45416c26161b9ab45691b9c7843e23effee5
                                                                            • Instruction Fuzzy Hash: 433173D1B1E29350EF964B115E20A795AA25F85BC8F488472DE7D6B2EECE2DE4428301
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strtol
                                                                            • String ID: Unable to parse option value "%s" as %s$Value %d for parameter '%s' out of %s format range [%d - %d]$none
                                                                            • API String ID: 76114499-2908652078
                                                                            • Opcode ID: 3dc9da589c42dd02856a593b1258d03a0b292f87372d4db75a7a8f83acead3ae
                                                                            • Instruction ID: 6e5815f02fa47af6ec48967329570fc7c82d9e15c9a911f379666e0bff55015b
                                                                            • Opcode Fuzzy Hash: 3dc9da589c42dd02856a593b1258d03a0b292f87372d4db75a7a8f83acead3ae
                                                                            • Instruction Fuzzy Hash: BF310962B1EA8345E7658B71A820AAE6251ABC17E8F144331ED7D536FCDF3CD4408701
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Similarity
                                                                            • API ID: NameName::
                                                                            • String ID: %lf
                                                                            APIs
                                                                            • avformat_new_stream.AVFORMAT-60(?,?,?,00007FF63DD912F1), ref: 00007FF63DD929AD
                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00007FF63DD912F1), ref: 00007FF63DD929C0
                                                                            • fprintf.MSPDB140-MSVCRT ref: 00007FF63DD929D3
                                                                              • Part of subcall function 00007FF63DD92320: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FF63DD929D8,?,?,?,00007FF63DD912F1), ref: 00007FF63DD92357
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1903087180.00007FF63DD91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF63DD90000, based on PE: true
                                                                            Similarity
                                                                            • API ID: __acrt_iob_func__stdio_common_vfprintfavformat_new_streamfprintf
                                                                            • String ID: Couldn't create stream for encoder '%s'
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: strtol
                                                                            • String ID: Disabling use of CUDA primary device context$Using CUDA primary device context$primary_ctx
                                                                            APIs
                                                                              • Part of subcall function 00007FFE13226710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1322239E), ref: 00007FFE1322671E
                                                                            • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1322243E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Similarity
                                                                            • API ID: abortterminate
                                                                            • String ID: MOC$RCC$csm
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$buf$src/libavutil/buffer.c
                                                                            APIs
                                                                            • __C_specific_handler.LIBVCRUNTIME ref: 00007FFE1322E9F0
                                                                              • Part of subcall function 00007FFE1322EC30: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE1322ECF0
                                                                              • Part of subcall function 00007FFE1322EC30: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FFE1322E9F5), ref: 00007FFE1322ED3F
                                                                              • Part of subcall function 00007FFE13226710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1322239E), ref: 00007FFE1322671E
                                                                            • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1322EA1A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Similarity
                                                                            • API ID: C_specific_handlerCurrentImageNonwritableUnwindabortterminate
                                                                            • String ID: csm$f
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$src/libavutil/mem.c$val || !min_size
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$cur_size >= size$src/libavutil/fifo.c
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID:
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Name::operator+$NameName::
                                                                            • String ID:
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ObjectSingleWait$EventReset
                                                                            • String ID:
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Sleep_amsg_exit
                                                                            • String ID:
                                                                            • API String ID: 1015461914-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908661283.00007FFE13240000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908699278.00007FFE13259000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908719036.00007FFE13262000.00000002.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908735260.00007FFE13263000.00000004.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908750918.00007FFE13266000.00000008.00000001.01000000.0000000C.sdmp
                                                                            • Associated: 0000000A.00000002.1908767541.00007FFE13267000.00000002.00000001.01000000.0000000C.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Sleep_amsg_exit
                                                                            • String ID:
                                                                            • API String ID: 1015461914-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strlen$strchr
                                                                            • String ID: ALL
                                                                            • API String ID: 3013107155-2914988887
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908785930.00007FFE1A460000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908817635.00007FFE1A468000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908834726.00007FFE1A46C000.00000002.00000001.01000000.0000000B.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CloseHandle$ResumeThread_beginthreadexfreemalloc
                                                                            • String ID:
                                                                            • API String ID: 1141387253-0
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908785930.00007FFE1A460000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908817635.00007FFE1A468000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908834726.00007FFE1A46C000.00000002.00000001.01000000.0000000B.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908785930.00007FFE1A460000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908817635.00007FFE1A468000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908834726.00007FFE1A46C000.00000002.00000001.01000000.0000000B.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$ObjectResumeSingleSuspendWait
                                                                            • String ID:
                                                                            • API String ID: 879609812-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Byte$CharLeadMultiWide
                                                                            • String ID:
                                                                            • API String ID: 2561704868-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908574862.00007FFE13220000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908610418.00007FFE13231000.00000002.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908629237.00007FFE13236000.00000004.00000001.01000000.0000000D.sdmp
                                                                            • Associated: 0000000A.00000002.1908644951.00007FFE13237000.00000002.00000001.01000000.0000000D.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID:
                                                                            • API String ID: 2943138195-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Time$FileSystem_errno
                                                                            • String ID:
                                                                            • API String ID: 3586254970-0
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908785930.00007FFE1A460000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908817635.00007FFE1A468000.00000002.00000001.01000000.0000000B.sdmp
                                                                            • Associated: 0000000A.00000002.1908834726.00007FFE1A46C000.00000002.00000001.01000000.0000000B.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Handle$Close$InformationObjectSingleValueWait
                                                                            • String ID:
                                                                            • API String ID: 3336430066-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            • Associated: 0000000A.00000002.1908336743.00007FFDFB8C0000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908423399.00007FFDFB985000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908442113.00007FFDFB986000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908497039.00007FFDFBAC3000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908510808.00007FFDFBAC8000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBAC9000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908526999.00007FFDFBACC000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 0000000A.00000002.1908559562.00007FFDFBACD000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free_aligned_mallocmemset
                                                                            • String ID:
                                                                            • API String ID: 881591362-0
                                                                            • Opcode ID: cb9fa4dfdc566d95d76ac6a2519e6b12bbd1fac9c9e4a918d491552342bc60f3
                                                                            • Instruction ID: 2e5e6690de4ac29756b56bd0750391a75656d3db708c933ad84e9a40bc250357
                                                                            • Opcode Fuzzy Hash: cb9fa4dfdc566d95d76ac6a2519e6b12bbd1fac9c9e4a918d491552342bc60f3
                                                                            • Instruction Fuzzy Hash: C3217FA2B1AB4385FB555F95F92077C73E1AB84BD4F448130CA6C177E8EE7C94858300
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strlen$strchrstrcmp
                                                                            • String ID: yuv420p
                                                                            • API String ID: 3490844034-503634524
                                                                            • Opcode ID: 633ea0c1e1550fd14e7121fbcdf51e94ec169c277e73b1c36fc1efad037321a4
                                                                            • Instruction ID: cd26b9c8f0c60f1c2ef6d84fef149e9281134e12ccaa790515c45a83da17b05a
                                                                            • Opcode Fuzzy Hash: 633ea0c1e1550fd14e7121fbcdf51e94ec169c277e73b1c36fc1efad037321a4
                                                                            • Instruction Fuzzy Hash: 5921E751F2E1C301FF25AB20A431AB99A906F81B84F444235DA3D066FDDD6CE995C311
                                                                            APIs
                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFE1A461B64,?,?,?,?,?,00000002,00000000,00007FFE1A464983), ref: 00007FFE1A465F1E
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID:
                                                                            • API String ID: 2918714741-0
                                                                            • Opcode ID: 96d3de31802f6f9abf018a6055aabe2c4eb702216a45d5bc26d38f291c6951f2
                                                                            • Instruction ID: 5ac77cfe2b80da998b3fc10631d9afced47560342768c7e0ecec7329fed652b3
                                                                            • Opcode Fuzzy Hash: 96d3de31802f6f9abf018a6055aabe2c4eb702216a45d5bc26d38f291c6951f2
                                                                            • Instruction Fuzzy Hash: D8216032B18F4282F764DB22E44057A77B1AB88B60F5445B2DB7D43BA4EF3CE8218741
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_free
                                                                            • String ID:
                                                                            • API String ID: 2229574080-0
                                                                            • Opcode ID: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
                                                                            • Instruction ID: f5485675b7458937fc6eae1088a833bb312a450a8fcc9c1f745283b509ca373f
                                                                            • Opcode Fuzzy Hash: d8a117b9735c8cceecb487bba0c084549c0ddfc89fe5e4f491a561c101f37a0f
                                                                            • Instruction Fuzzy Hash: C111E726F2770342EB5AA749E879E6A119AEFCC790F400635DE1D073E6DE389C40C384
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _endthreadex$Valuefree
                                                                            • String ID:
                                                                            • API String ID: 1763976194-0
                                                                            • Opcode ID: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
                                                                            • Instruction ID: 3419d07b3c8a8cf9abe23ebdc5d57bae3ec1494b74c63d7fcba0056fba5e1000
                                                                            • Opcode Fuzzy Hash: ad5126445cb35a49f1ec9a11fd8a50259baa29f677a2b30741e53d48839e9ca9
                                                                            • Instruction Fuzzy Hash: 14211D72744E4182DB509F2AE89017D6370EB88F74B2402B5DA6E473B5DF3DD8A9C710
                                                                            APIs
                                                                            • CloseHandle.KERNEL32(?,?,?,00007FFE1A461BA8,?,?,?,?,?,00000002,00000000,00007FFE1A464983), ref: 00007FFE1A465D3C
                                                                              • Part of subcall function 00007FFE1A462F10: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,00000018,00007FFE1A4625B8), ref: 00007FFE1A462FFF
                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFE1A461BA8,?,?,?,?,?,00000002,00000000,00007FFE1A464983), ref: 00007FFE1A465D54
                                                                            • Sleep.KERNEL32(?,?,?,00007FFE1A461BA8,?,?,?,?,?,00000002,00000000,00007FFE1A464983), ref: 00007FFE1A465D92
                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE1A461BA8,?,?,?,?,?,00000002,00000000,00007FFE1A464983), ref: 00007FFE1A465DA9
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908801755.00007FFE1A461000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe1a460000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CloseEventHandleSleep_errnofree
                                                                            • String ID:
                                                                            • API String ID: 1909294951-0
                                                                            • Opcode ID: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
                                                                            • Instruction ID: e40007f904293f4189416396be71a9a7c5f984ba1cfd2f7708b6227b1ef2ca03
                                                                            • Opcode Fuzzy Hash: fb46983425866d5872816068a530570fbf95f67e655fb18db1a897369a563da2
                                                                            • Instruction Fuzzy Hash: 83113B31B08E4392EA249F22E44427A63B0EF44F64F5484F2DAAE476F5DF3CE4618781
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort$CreateFrameInfo
                                                                            • String ID: csm
                                                                            • API String ID: 2697087660-1018135373
                                                                            • Opcode ID: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
                                                                            • Instruction ID: 8a91cbbe69c518fcfa79c272c9239af1aa8651cd4b18534b6828ea8a2b28f3b9
                                                                            • Opcode Fuzzy Hash: f6943bea1c78c8542bb5a279c29cdd6a6ec40214996e776607272464948ef889
                                                                            • Instruction Fuzzy Hash: 4B512C37618B818AD670AB16F84026E77B4FB98BA0F140575DF8D27B65CF38E461CB01
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: Name::operator+
                                                                            • String ID: void$void
                                                                            • API String ID: 2943138195-3746155364
                                                                            • Opcode ID: ff67bb32e799e4a453516f5f2b265aba841f0c9d9f12838b8a28f15594d75a10
                                                                            • Instruction ID: c200820c71cb436d897d1e766a3a92f46b8db9597fcd82e03b1f2d50e07eb56d
                                                                            • Opcode Fuzzy Hash: ff67bb32e799e4a453516f5f2b265aba841f0c9d9f12838b8a28f15594d75a10
                                                                            • Instruction Fuzzy Hash: 9F312862F18F558CFB20EB65EC410EC37B4BBA8768B440176EE4E22B69DF389154C750
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: log
                                                                            • API String ID: 2918714741-2403297477
                                                                            • Opcode ID: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
                                                                            • Instruction ID: f1b229419998d3c3a1e82917d704ea4c3fc4d3825d0f2b7ea890ffc2d615a775
                                                                            • Opcode Fuzzy Hash: fa12abfb3e14b30e677fb45da5cfe9a9bbeb6b1c1569a3c707cd0e3862981db9
                                                                            • Instruction Fuzzy Hash: E7210562F1EA4786E7019F24A82077B6765FFD6344F20A334E9AD155FEDF2DE0808600
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: sin
                                                                            • API String ID: 2918714741-3083047850
                                                                            • Opcode ID: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
                                                                            • Instruction ID: 2beb50c34da5ea6f8f2137e9490b50885a8724ed94cd1c5609fa7a0fb4da5c53
                                                                            • Opcode Fuzzy Hash: 1712686245d460706722795bac48a202a04de283def8482a719af71ef36c7ef1
                                                                            • Instruction Fuzzy Hash: 3F210462F0EB8682EB025B35A81027B6761FFD6304F14A334FAA9155EDDF2DE1D08700
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _errno
                                                                            • String ID: cos
                                                                            • API String ID: 2918714741-2662988677
                                                                            • Opcode ID: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
                                                                            • Instruction ID: c9cca8ef105a41da0922817a855bbff181edcb0bb652cbc99b194f265d835a52
                                                                            • Opcode Fuzzy Hash: 903857df638d29162f1127ec14efd8d82056fcd9a594b0710213474096d9e04a
                                                                            • Instruction Fuzzy Hash: 0C21F562F1EB8642FB025B34A45027B6765FFD2304F24A335FAA9155EDDF2DE0D08604
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: strftime
                                                                            • String ID: %Y-%m-%dT%H:%M:%S$.%06dZ
                                                                            • API String ID: 1100141660-930656424
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: FileHeader$ExceptionRaise
                                                                            • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                            • API String ID: 3685223789-3176238549
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908676257.00007FFE13241000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE13240000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13240000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: av_channel_layout_describeav_log
                                                                            • String ID: Treating %s as mono
                                                                            • API String ID: 2946648090-2429896034
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionFileHeaderRaise
                                                                            • String ID: csm
                                                                            • API String ID: 2573137834-1018135373
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: _aligned_malloc
                                                                            • String ID: Microsoft Primitive Provider
                                                                            • API String ID: 175129771-4132848957
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: abort
                                                                            • String ID: Assertion %s failed at %s:%d$src/libavutil/crc.c
                                                                            • API String ID: 4206212132-3600904276
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalSection$EnterLeave
                                                                            • String ID:
                                                                            • API String ID: 3168844106-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalSection$EnterLeave
                                                                            • String ID:
                                                                            • API String ID: 3168844106-0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,?,00007FFE132265B9,?,?,?,?,00007FFE1322FB22,?,?,?,?,?), ref: 00007FFE1322674B
                                                                            • SetLastError.KERNEL32(?,?,?,00007FFE132265B9,?,?,?,?,00007FFE1322FB22,?,?,?,?,?), ref: 00007FFE132267D4
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908589897.00007FFE13221000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE13220000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffe13220000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1452528299-0
                                                                            APIs
                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977BB6
                                                                            • LeaveCriticalSection.KERNEL32(?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977BDB
                                                                            • EnterCriticalSection.KERNEL32(?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977C0C
                                                                            • LeaveCriticalSection.KERNEL32(?,?,00007FFDFB977EA7,?,?,?,?,?,?,?,?,00007FFDFB901502), ref: 00007FFDFB977C16
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.1908353580.00007FFDFB8C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDFB8C0000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_10_2_7ffdfb8c0000_obs-ffmpeg-mux.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalSection$EnterLeave
                                                                            • String ID:
                                                                            • API String ID: 3168844106-0