Windows Analysis Report
fideo-1.0.5.exe

Overview

General Information

Sample name:fideo-1.0.5.exe
Analysis ID:1521415
MD5:ba835cdf19310218103f9596c0e5ab4e
SHA1:3435fe83a01d637c2ea001bdf9c17eb1a99bc760
SHA256:68b2c094a9db953e19588e032c462de9070d8370fe909dfd4ccefc9557f7993c
Tags:exeuser-likeastar20
Infos:

Detection

Score:30
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Drops large PE files
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • fideo-1.0.5.exe (PID: 5396 cmdline: "C:\Users\user\Desktop\fideo-1.0.5.exe" MD5: BA835CDF19310218103F9596C0E5AB4E)
  • fideo.exe (PID: 5580 cmdline: "C:\Program Files\fideo\fideo.exe" MD5: F877855851D8A48ADC29431B6B46A3B7)
    • fideo.exe (PID: 7148 cmdline: "C:\Program Files\fideo\fideo.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2 MD5: F877855851D8A48ADC29431B6B46A3B7)
    • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
    • fideo.exe (PID: 5404 cmdline: "C:\Program Files\fideo\fideo.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --field-trial-handle=3108,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:3 MD5: F877855851D8A48ADC29431B6B46A3B7)
    • fideo.exe (PID: 5792 cmdline: "C:\Program Files\fideo\fideo.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --app-user-model-id=site.fideo.app --app-path="C:\Program Files\fideo\resources\app.asar" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1727506034100756 --launch-time-ticks=5606445806 --field-trial-handle=3376,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:1 MD5: F877855851D8A48ADC29431B6B46A3B7)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: fideo-1.0.5.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideoJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\chrome_100_percent.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\chrome_200_percent.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\d3dcompiler_47.dllJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\ffmpeg.dllJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\fideo.exeJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\icudtl.datJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\libEGL.dllJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\libGLESv2.dllJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\LICENSES.chromium.htmlJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\resources.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\snapshot_blob.binJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\v8_context_snapshot.binJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\vk_swiftshader.dllJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\vk_swiftshader_icd.jsonJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\vulkan-1.dllJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\localesJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\af.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\am.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ar.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\bg.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\bn.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ca.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\cs.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\da.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\de.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\el.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\en-GB.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\en-US.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\es-419.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\es.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\et.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\fa.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\fi.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\fil.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\fr.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\gu.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\he.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\hi.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\hr.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\hu.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\id.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\it.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ja.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\kn.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ko.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\lt.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\lv.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ml.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\mr.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ms.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\nb.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\nl.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\pl.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\pt-BR.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\pt-PT.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ro.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ru.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\sk.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\sl.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\sr.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\sv.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\sw.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ta.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\te.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\th.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\tr.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\uk.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\ur.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\vi.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\zh-CN.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\locales\zh-TW.pakJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\resourcesJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\resources\app-update.ymlJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\resources\app.asarJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\resources\elevate.exeJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeDirectory created: C:\Program Files\fideo\Uninstall fideo.exeJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0c537e61-f110-51ad-b451-32e3d3ff1b96Jump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeFile created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\fideo-1.0.5.exeFile created: C:\Program Files\fideo\LICENSE.electron.txtJump to behavior
Source: fideo-1.0.5.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: out\Default\libEGL.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2299986435.0000000002F01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: fideo-1.0.5.exe, 00000000.00000003.2299487517.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: fideo-1.0.5.exe, 00000000.00000003.2246286668.00000000051A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2247953318.00000000051A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: fideo-1.0.5.exe, 00000000.00000003.2246286668.00000000051A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296994507.00000000051B3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2240560265.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2297215121.0000000005662000.00000004.00000020.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2242788723.0000000005C20000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2240403483.0000000005400000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\fideo-1.0.5.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\fideo-1.0.5.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\fideo-1.0.5.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Program Files\fideo\fideo.exeFile opened: C:\Users\user\AppData\Roaming\fideo\Network\a95d87e4-4214-4898-b535-e90e33495b42.tmpJump to behavior
Source: C:\Program Files\fideo\fideo.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Program Files\fideo\fideo.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Program Files\fideo\fideo.exeFile opened: C:\Users\user\AppData\Roaming\fideo\Network\Network Persistent StateJump to behavior
Source: C:\Program Files\fideo\fideo.exeFile opened: C:\Users\user\AppData\Roaming\fideo\Jump to behavior
Source: C:\Program Files\fideo\fideo.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox ViewIP Address: 172.65.251.78 172.65.251.78
Source: Joe Sandbox ViewIP Address: 140.82.121.5 140.82.121.5
Source: Joe Sandbox ViewIP Address: 172.64.41.3 172.64.41.3
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: fideo-1.0.5.exe, 00000000.00000003.2141380953.000000000639E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: [Video](https://www.youtube.com/watch?v=N2UNk_UCVyA) equals www.youtube.com (Youtube)
Source: fideo-1.0.5.exe, 00000000.00000003.2141380953.000000000639E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: [Video](https://www.youtube.com/watch?v=RkXv4AXXC_4) equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: gitlab.com
Source: global trafficDNS traffic detected: DNS query: api.github.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Maratyszcza/pthreadpool
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/PortAudio/portaudio/tree/master/src/common
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ReactiveX/rxjs
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebAssembly/wasm-c-api/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aawc/unrar.git
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/brailcom/speechd
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dpranke/typ.git
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/etingof/pyasn1
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/zstd
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/distributed_point_functions
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/pprof/tree/master/proto
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/private-join-and-compute
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/protobuf
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/re2
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/ruy
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/securemessage
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/sentencepiece
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/shell-encryption
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/ukey2
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/wicked-good-xpath
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/woff2
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/xnnpack
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/intel/libva
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/kenchris/urlpattern-polyfill
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2140943015.00000000058E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lucide-icons/lucide/issues/670.
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mysticatea/abort-controller
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/protocolbuffers/protobuf-javascript
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/protocolbuffers/protobuf/blob/master/java/lite.md
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-core
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/requests/toolbelt
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/simplejson/simplejson
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/models
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/tensorflow
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/text.git
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/tflite-support
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/test262-utils/test262-harness-py
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/wasdk/wasmparser
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/xiph/rnnoise
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/zeux/volk
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/zorkow/speech-rule-engine
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/mozilla-central/file/tip/netwerk/base/nsURLParsers.cpp
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2140943015.00000000058E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/guide/packages/lucide-react
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/ruler
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/russian-ruble
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/sailboat
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/salad
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/sandwich
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/satellite
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/satellite-dish
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/save
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/save-all
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scale
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scale-3d
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scaling
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scan
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scan-barcode
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scan-eye
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scan-face
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scan-line
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scan-search
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scan-text
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scatter-chart
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/school
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scissors
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scissors-line-dashed
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/screen-share
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/screen-share-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scroll
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/scroll-text
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/search
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/search-check
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/search-code
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/search-slash
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/search-x
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/section
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/send
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/send-horizontal
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/send-to-back
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/separator-horizontal
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/separator-vertical
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/server
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/server-crash
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/server-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/settings-2
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shapes
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/share
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/share-2
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/sheet
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shell
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-alert
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-ban
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-check
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-ellipsis
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-half
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-minus
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-plus
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-question
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shield-x
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/ship
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/ship-wheel
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shirt
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shopping-bag
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shopping-basket
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/shopping-cart
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/truck
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/turtle
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/tv
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/tv-2
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/twitch
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/twitter
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/type
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/umbrella
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/umbrella-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/underline
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/undo
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/undo-2
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/undo-dot
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/unfold-horizontal
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/unfold-vertical
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/ungroup
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/university
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/unlink
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/unlink-2
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/unplug
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/upload
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/usb
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-check
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-cog
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-minus
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-plus
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-round
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-round-check
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-round-cog
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-round-minus
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-round-plus
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-round-search
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-round-x
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-search
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/user-x
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/users
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/users-round
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/utensils
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/utensils-crossed
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/utility-pole
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/variable
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/vegan
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/venetian-mask
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/vibrate
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/vibrate-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/video
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/video-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/videotape
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/view
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/voicemail
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/volume
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/volume-1
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/volume-2
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/volume-x
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/vote
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wallet
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wallet-cards
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wallet-minimal
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wallpaper
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wand
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wand-sparkles
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/warehouse
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/washing-machine
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/watch
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/waves
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/waypoints
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/webcam
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/webhook
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/webhook-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/weight
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/whole-word
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wifi
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wifi-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wind
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wine
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wine-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/workflow
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/worm
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wrap-text
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/wrench
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/x
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/youtube
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/zap
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/zap-off
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/zoom-in
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lucide.dev/icons/zoom-out
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://opensource.apple.com/source/xnu/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://polymer-library.polymer-project.org
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/pyparsing
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/six/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.python.org/pypi/pyfakefs
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.python.org/pypi/webapp2
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://quiche.googlesource.com/quiche
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://simpleicons.org/?q=trello
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://simpleicons.org/?q=twitch
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://simpleicons.org/?q=twitter
Source: fideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://simpleicons.org/?q=youtube
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sizzlejs.com/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://skia.org/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://source.corp.google.com/piper///depot/google3/third_party/tamachiyomi/README.md
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://streams.spec.whatwg.org/#example-rbs-pull
Source: fideo-1.0.5.exe, 00000000.00000003.2297278104.0000000002F15000.00000004.00000020.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2299456884.0000000005662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: fideo-1.0.5.exe, 00000000.00000003.2297278104.0000000002F15000.00000004.00000020.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2299456884.0000000005662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v8.dev/
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#Exposed.
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webkit.org/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chromium.org
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.khronos.org/registry/
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/copyright.html.
Source: fideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2299305801.00000000051B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zod.dev
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

System Summary

Source: C:\Users\user\Desktop\fideo-1.0.5.exe | File dump: fideo.exe.0.dr 180356608
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | File dump: fideo.exe0.0.dr 180356608
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_04FC10D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_00406B15
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_004072EC
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_00404C9E
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Process token adjusted: Security
Source: fideo.exe.0.dr | Static PE information: Number of sections : 15 > 10
Source: fideo.exe0.0.dr | Static PE information: Number of sections : 15 > 10
Source: fideo-1.0.5.exe, 00000000.00000003.2299487517.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameElevate.exeH vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe, 00000000.00000003.2246286668.00000000051A6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilename, vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe, 00000000.00000003.2249877884.00000000051A4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename, vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe, 00000000.00000003.2296994507.00000000051B3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe, 00000000.00000003.2149604673.0000000006186000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe, 00000000.00000003.2295944352.00000000051B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs fideo-1.0.5.exe
Source: fideo-1.0.5.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine | Classification label: sus30.winEXE@8/141@6/4
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Code function: 0_2_00402104 CoCreateInstance
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | File created: C:\Program Files\fideo
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | File created: C:\Users\user\AppData\Local\fideo-updater
Source: C:\Program Files\fideo\fideo.exe | Mutant created: NULL
Source: C:\Program Files\fideo\fideo.exe | Mutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Mutant created: \Sessions\1\BaseNamedObjects\0c537e61-f110-51ad-b451-32e3d3ff1b96
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | File created: C:\Users\user\AppData\Local\Temp\nsuE640.tmp
Source: fideo-1.0.5.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files\fideo\fideo.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | File read: C:\Users\user\Desktop\fideo-1.0.5.exe
Source: unknown | Process created: C:\Users\user\Desktop\fideo-1.0.5.exe "C:\Users\user\Desktop\fideo-1.0.5.exe"
Source: unknown | Process created: C:\Program Files\fideo\fideo.exe "C:\Program Files\fideo\fideo.exe"
Source: C:\Program Files\fideo\fideo.exe | Process created: C:\Program Files\fideo\fideo.exe "C:\Program Files\fideo\fideo.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2
Source: C:\Program Files\fideo\fideo.exe | Process created: C:\Program Files\fideo\fideo.exe "C:\Program Files\fideo\fideo.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --field-trial-handle=3108,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:3
Source: C:\Program Files\fideo\fideo.exe | Process created: C:\Program Files\fideo\fideo.exe "C:\Program Files\fideo\fideo.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --app-user-model-id=site.fideo.app --app-path="C:\Program Files\fideo\resources\app.asar" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1727506034100756 --launch-time-ticks=5606445806 --field-trial-handle=3376,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:1
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\chrome_100_percent.pak
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\chrome_200_percent.pak
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\ffmpeg.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\fideo.exe
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\icudtl.dat
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\libEGL.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\libGLESv2.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\LICENSE.electron.txt
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\LICENSES.chromium.html
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\resources.pak
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\snapshot_blob.bin
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\v8_context_snapshot.bin
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\vk_swiftshader.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\vk_swiftshader_icd.json
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\vulkan-1.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\locales
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\resources
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\resources\app-update.yml
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\resources\app.asar
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\resources\elevate.exe
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Directory created: C:\Program Files\fideo\Uninstall fideo.exe
Source: C:\Users\user\Desktop\fideo-1.0.5.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0c537e61-f110-51ad-b451-32e3d3ff1b96
Source: fideo-1.0.5.exe | Static file information: File size 83114406 > 1048576
Source: fideo-1.0.5.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: out\Default\libEGL.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2299986435.0000000002F01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: fideo-1.0.5.exe, 00000000.00000003.2299487517.0000000002F1D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: fideo-1.0.5.exe, 00000000.00000003.2246286668.00000000051A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2247953318.00000000051A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: fideo-1.0.5.exe, 00000000.00000003.2246286668.00000000051A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296994507.00000000051B3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: fideo-1.0.5.exe, 00000000.00000003.2240560265.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2297215121.0000000005662000.00000004.00000020.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2242788723.0000000005C20000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2240403483.0000000005400000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Code function: 0_2_04FC10D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,0_2_04FC10D0
Source: ffmpeg.dll.0.dr; Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr; Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr; Static PE information: section name: _RDATA
Source: fideo.exe.0.dr; Static PE information: section name: .gxfg
Source: fideo.exe.0.dr; Static PE information: section name: .retplne
Source: fideo.exe.0.dr; Static PE information: section name: .rodata
Source: fideo.exe.0.dr; Static PE information: section name: CPADinfo
Source: fideo.exe.0.dr; Static PE information: section name: LZMADEC
Source: fideo.exe.0.dr; Static PE information: section name: _RDATA
Source: fideo.exe.0.dr; Static PE information: section name: malloc_h
Source: fideo.exe.0.dr; Static PE information: section name: prot
Source: ffmpeg.dll0.0.dr; Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr; Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr; Static PE information: section name: _RDATA
Source: fideo.exe0.0.dr; Static PE information: section name: .gxfg
Source: fideo.exe0.0.dr; Static PE information: section name: .retplne
Source: fideo.exe0.0.dr; Static PE information: section name: .rodata
Source: fideo.exe0.0.dr; Static PE information: section name: CPADinfo
Source: fideo.exe0.0.dr; Static PE information: section name: LZMADEC
Source: fideo.exe0.0.dr; Static PE information: section name: _RDATA
Source: fideo.exe0.0.dr; Static PE information: section name: malloc_h
Source: fideo.exe0.0.dr; Static PE information: section name: prot
Source: libEGL.dll.0.dr; Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr; Static PE information: section name: .retplne
Source: libEGL.dll.0.dr; Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr; Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr; Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr; Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.dr; Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr; Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr; Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr; Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr; Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr; Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\System.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\fideo.exe
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Program Files\fideo\fideo.exe
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\UAC.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Program Files\fideo\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\nsProcess.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Program Files\fideo\ffmpeg.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\Program Files\fideo\LICENSE.electron.txt
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fideo.lnk
Source: C:\Program Files\fideo\fideo.exe; Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\fideo\fideo.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\fideo\fideo.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe; Window / User API: foregroundWindowGot 804
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\System.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\UAC.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Program Files\fideo\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\nsProcess.dll
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\resources\elevate.exe
Source: C:\Program Files\fideo\fideo.exe; Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File Volume queried: C:\Program Files FullSizeInformation
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\fideo\fideo.exe; File Volume queried: C:\Users\user\AppData\Roaming\fideo\Code Cache\js FullSizeInformation
Source: C:\Program Files\fideo\fideo.exe; File Volume queried: C:\Users\user\AppData\Roaming\fideo\Code Cache\wasm FullSizeInformation
Source: C:\Program Files\fideo\fideo.exe; File Volume queried: C:\Users\user\AppData\Roaming\fideo\blob_storage\44d9c4de-a48c-40c9-9b9c-6d408b900b1e FullSizeInformation
Source: C:\Program Files\fideo\fideo.exe; File Volume queried: C:\Users\user\AppData\Roaming\fideo FullSizeInformation
Source: C:\Program Files\fideo\fideo.exe; File Volume queried: C:\Users\user\AppData\Roaming\fideo\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Program Files\fideo\fideo.exe; File opened: C:\Users\user\AppData\Roaming\fideo\Network\a95d87e4-4214-4898-b535-e90e33495b42.tmp
Source: C:\Program Files\fideo\fideo.exe; File opened: C:\Users\user\AppData\
Source: C:\Program Files\fideo\fideo.exe; File opened: C:\Users\user\
Source: C:\Program Files\fideo\fideo.exe; File opened: C:\Users\user\AppData\Roaming\fideo\Network\Network Persistent State
Source: C:\Program Files\fideo\fideo.exe; File opened: C:\Users\user\AppData\Roaming\fideo\
Source: C:\Program Files\fideo\fideo.exe; File opened: C:\Users\user\AppData\Roaming\
Source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: VMware
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: explorer.exe, 00000007.00000000.2388229673.00000000076F8000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Prod_VMware_SATAa
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: NXTcaVMWare
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
Source: explorer.exe, 00000007.00000000.2385790188.0000000003530000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: VMware, Inc.
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: VMware SATA CD00
Source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSDKVersion() < 27 && IsAdreno5xxOrOlder(functions)) || (!isMesa && IsMaliT8xxOrOlder(functions)) || (!isMesa && IsMaliG31OrOlder(functions))
Source: explorer.exe, 00000007.00000000.2385790188.0000000003530000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000007.00000000.2388229673.00000000076F8000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
Source: fideo-1.0.5.exe, 00000000.00000003.2247953318.00000000051A6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: fideo-1.0.5.exe, 00000000.00000003.2243088065.0000000006160000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest:
Source: explorer.exe, 00000007.00000000.2385790188.0000000003530000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000007.00000000.2385790188.0000000003530000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: VMware,p
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
Source: fideo-1.0.5.exe, 00000000.00000003.2299909854.0000000002F05000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224fxx
Source: fideo-1.0.5.exe, 00000000.00000003.2247953318.00000000051A6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VMware Screen Codec / VMware Video
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000007.00000000.2388229673.000000000769A000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; API call chain: ExitProcess graph end node graph_0-3668
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Code function: 0_2_04FC10D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,0_2_04FC10D0
Source: C:\Program Files\fideo\fideo.exe; Process created: C:\Program Files\fideo\fideo.exe "C:\Program Files\fideo\fideo.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2
Source: C:\Program Files\fideo\fideo.exe; Process created: C:\Program Files\fideo\fideo.exe "C:\Program Files\fideo\fideo.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --field-trial-handle=3108,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:3
Source: C:\Program Files\fideo\fideo.exe; Process created: C:\Program Files\fideo\fideo.exe "C:\Program Files\fideo\fideo.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --app-user-model-id=site.fideo.app --app-path="C:\Program Files\fideo\resources\app.asar" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1727506034100756 --launch-time-ticks=5606445806 --field-trial-handle=3376,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:1
Source: C:\Program Files\fideo\fideo.exe; Process created: C:\Program Files\fideo\fideo.exe "c:\program files\fideo\fideo.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\fideo" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=1800,i,17151387384183765936,16765276755101112878,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2
Source: C:\Program Files\fideo\fideo.exe; Process created: C:\Program Files\fideo\fideo.exe "c:\program files\fideo\fideo.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\fideo" --field-trial-handle=3108,i,17151387384183765936,16765276755101112878,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:3
Source: C:\Program Files\fideo\fideo.exe; Process created: C:\Program Files\fideo\fideo.exe "c:\program files\fideo\fideo.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\fideo" --app-user-model-id=site.fideo.app --app-path="c:\program files\fideo\resources\app.asar" --no-sandbox --no-zygote --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1727506034100756 --launch-time-ticks=5606445806 --field-trial-handle=3376,i,17151387384183765936,16765276755101112878,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:1
Source: explorer.exe, 00000007.00000000.2391153216.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd=
Source: C:\Program Files\fideo\fideo.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\fideo\fideo.exe; Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files\fideo\fideo.exe; Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\Desktop\fideo-1.0.5.exe; Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Access Token Manipulation | 3 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 1 Access Token Manipulation | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 12 Process Injection | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Program Files\fideo\d3dcompiler_47.dll | 0% | ReversingLabs
C:\Program Files\fideo\ffmpeg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\libEGL.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\resources\elevate.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\vk_swiftshader.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\7z-out\vulkan-1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\StdUtils.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\System.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\UAC.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\nsProcess.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\nsis7z.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://sizzlejs.com/ | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
gitlab.com | 172.65.251.78 | true | false | | unknown
api.github.com | 140.82.121.5 | true | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://github.com/nodejs/node/issues/19009fideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://lucide.dev/icons/server-crashfideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://tc39.github.io/ecma262/#sec-%typedarray%.offideo-1.0.5.exe, 00000000.00000003.2243616901.00000000073E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://pypi.python.org/pypi/pyfakefsfideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://lucide.dev/icons/zoom-infideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocatorfideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://lucide.dev/icons/tent-treefideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://lucide.dev/icons/square-arrow-up-leftfideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        https://lucide.dev/icons/wand-sparklesfideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://developer.android.com/tools/extras/support-library.htmlfideo-1.0.5.exe, 00000000.00000003.2122352122.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp, fideo-1.0.5.exe, 00000000.00000003.2296145971.00000000051B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://lucide.dev/icons/russian-rublefideo-1.0.5.exe, 00000000.00000003.2141162223.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
172.65.251.78 | gitlab.com | United States | 13335 | CLOUDFLARENETUS | false
140.82.121.5 | api.github.com | United States | 36459 | GITHUBUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1521415
Start date and time: 2024-09-28 10:19:10 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: fideo-1.0.5.exe
Detection: SUS
Classification: sus30.winEXE@8/141@6/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 49
• Number of non-executed functions: 23
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: fideo-1.0.5.exe
Time | Type | Description
04:20:41 | API Interceptor | 523x Sleep call for process: explorer.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                                                                          58ADE05412907F657812BDA267C43288EA79418091.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                                                                          http://telesexprivatexx.vercel.app/Get hashmaliciousPorn ScamBrowse
                                                                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                                                                          http://yusdydsfjuuxx.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          • 172.64.151.101
                                                                                                                                                                                                                                                                          http://vce.bxsrtdfxr.dns-dynamic.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 172.66.44.183
                                                                                                                                                                                                                                                                          3Yx0qhONfl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                                                                          New Order.docGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                                                                          Quote #260924.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                          • 172.67.165.25
                                                                                                                                                                                                                                                                          Balance payment.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                          • 104.26.12.205
                                                                                                                                                                                                                                                                          GITHUBUShttps://metmaskiloi.gitbook.io/us/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          • 140.82.121.4
                                                                                                                                                                                                                                                                          http://sis030.github.io/1_Netflix_Deepdive/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          • 140.82.113.18
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, BitCoin Miner, SilentXMRMinerBrowse
                                                                                                                                                                                                                                                                          • 140.82.121.3
                                                                                                                                                                                                                                                                          https://github.com/oneclick/rubyinstaller2/releases/download/RubyInstaller-3.3.5-1/rubyinstaller-devkit-3.3.5-1-x64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 140.82.121.4
                                                                                                                                                                                                                                                                          PO#518464.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                                                                          • 140.82.121.4
                                                                                                                                                                                                                                                                          PO#518464.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                                                                          • 140.82.121.4
                                                                                                                                                                                                                                                                          Proof Of Payment.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                                                                          • 140.82.121.4
                                                                                                                                                                                                                                                                          https://github.com/oneclick/rubyinstaller2/releases/download/RubyInstaller-3.3.5-1/rubyinstaller-devkit-3.3.5-1-x64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 140.82.121.4
                                                                                                                                                                                                                                                                          https://telagremn.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 140.82.114.22
                                                                                                                                                                                                                                                                          https://arjunshaw.github.io/4.7-Project-1-Netflix-/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          • 140.82.112.21
                                                                                                                                                                                                                                                                          No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files\fideo\d3dcompiler_47.dll | JaborSetup.exe | malicious | Unknown
C:\Program Files\fideo\d3dcompiler_47.dll | ArenaWarsSetup.exe | malicious | Unknown
C:\Program Files\fideo\d3dcompiler_47.dll | ArenaWarsSetup.exe | malicious | Unknown
C:\Program Files\fideo\d3dcompiler_47.dll | DungeOfDestiny Setup 1.0.0.exe | malicious | Unknown
C:\Program Files\fideo\d3dcompiler_47.dll | Game.exe | malicious | Unknown
C:\Program Files\fideo\d3dcompiler_47.dll | bot_library.exe | malicious | Unknown
C:\Program Files\fideo\d3dcompiler_47.dll | svAsYrT598.exe | malicious | Unknown
C:\Program Files\fideo\d3dcompiler_47.dll | kc8qrDHj1V.exe | malicious | Unknown
C:\Program Files\fideo\d3dcompiler_47.dll | Solicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbs | malicious | FormBook, GuLoader
C:\Program Files\fideo\d3dcompiler_47.dll | t4xSDtqF.posh.ps1 | malicious | PoshC2
C:\Program Files\fideo\ffmpeg.dll | MmKITUl823.exe | malicious | Unknown
C:\Program Files\fideo\ffmpeg.dll | svchost.exe | malicious | Unknown
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):151856
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.916234678329522
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:iz8JCGIdkwTPaNkx0auKdL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:iz81Idk8aqT5K18Gb0OV8ld0GecQ3Er2
                                                                                                                                                                                                                                                                                                  MD5:CB4F128469CD84711ED1C9C02212C7A8
                                                                                                                                                                                                                                                                                                  SHA1:8AE60303BE80B74163D5C4132DE4A465A1EAFC52
                                                                                                                                                                                                                                                                                                  SHA-256:7DD5485DEF22A53C0635EFDF8AE900F147EC8C8A22B9ED71C24668075DD605D3
                                                                                                                                                                                                                                                                                                  SHA-512:0F0FEBE4EE321EB09D6A841FE3460D1F5B657B449058653111E7D0F7A9F36620B3D30369E367235948529409A6CE0CE625AEDE0C61B60926DEC4D2C308306277
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):228784
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.9464015763250755
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:3DQYajN6svyABnI86fTugx5GMRejnbdZnVE6YoppO4:cfjN6svyABOa6edhVELoXO4
                                                                                                                                                                                                                                                                                                  MD5:E9C1423FE5D139A4C88BA8B107573536
                                                                                                                                                                                                                                                                                                  SHA1:46D3EFE892044761F19844C4C4B8F9576F9CA43E
                                                                                                                                                                                                                                                                                                  SHA-256:2408969599D3953AAE2FB36008E4D0711E30D0BC86FB4D03F8B0577D43C649FA
                                                                                                                                                                                                                                                                                                  SHA-512:ABF8D4341C6DE9C722168D0A9CF7D9BAC5F491E1C9BEDFE10B69096DCC2EF2CD08FF4D0E7C9B499C9D1F45FDB053EAFC31ADD39D13C8287760F9304AF0727BF4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4916728
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.398031738914566
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
                                                                                                                                                                                                                                                                                                  MD5:A7B7470C347F84365FFE1B2072B4F95C
                                                                                                                                                                                                                                                                                                  SHA1:57A96F6FB326BA65B7F7016242132B3F9464C7A3
                                                                                                                                                                                                                                                                                                  SHA-256:AF7B99BE1B8770C0E4D18E43B04E81D11BDEB667FA6B07ADE7A88F4C5676BF9A
                                                                                                                                                                                                                                                                                                  SHA-512:83391A219631F750499FD9642D59EC80FB377C378997B302D10762E83325551BB97C1086B181FFF0521B1CA933E518EAB71A44A3578A23691F215EBB1DCE463D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                                                  • Filename: JaborSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: ArenaWarsSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: ArenaWarsSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: DungeOfDestiny Setup 1.0.0.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: Game.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: bot_library.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: svAsYrT598.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: kc8qrDHj1V.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: Solicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbs, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: t4xSDtqF.posh.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d.....Ne.........." ......8..........<).......................................K......JK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2682880
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.69855228212799
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:h1nRu1gjn93AXtsX7I8g4AScbz6Ox+pen6yfmb+ST1PqRrYI:hJsf83Sn6Ox+tP5I
                                                                                                                                                                                                                                                                                                  MD5:B254FBA5644B75C0C11D3FC20E994768
                                                                                                                                                                                                                                                                                                  SHA1:8A70D0AD2FE3219313635DB53015F433252E992F
                                                                                                                                                                                                                                                                                                  SHA-256:16E9D42C754149DD0F275A022AAE857347C9276DAC3372EBCD746911A9B45A89
                                                                                                                                                                                                                                                                                                  SHA-512:64F5721128667EF199449BE749533E1DE1B39D7113FA3CCFE4D83C5EA2D381B188F988E27B423EE3FB1BEB43204179563A5147077BFA069C8D2A689115B8C808
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                                                  • Filename: MmKITUl823.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  • Filename: svchost.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{f.........." .....* ...................................................7...........`A..........................................'......$'.(.............5.l.............6.85..,.&.......................&.(....I .@...........0('.8............................text....) ......* ................. ..`.rdata.......@ ....... .............@..@.data.........'.."....'.............@....pdata..l.....5.......'.............@..@.gxfg....,...`6.......(.............@..@.retplne......6.......(..................tls..........6.......(.............@..._RDATA........6.......(.............@..@.reloc..85....6..6....(.............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):180356608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.75470899510127
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1572864:LSl+fyef/Uzaajg8s20fFbu2/zi9Gd7ePKro1yjrWR5xWVFYxNxOLh:texNoL
                                                                                                                                                                                                                                                                                                  MD5:F877855851D8A48ADC29431B6B46A3B7
                                                                                                                                                                                                                                                                                                  SHA1:6103FE440D8C9D3FBD9EA15254DE40348B39DC96
                                                                                                                                                                                                                                                                                                  SHA-256:5048CB9AB6308A62DE9BA1F8C43533F80EDE6831B171DEDB9E65A94E64456488
                                                                                                                                                                                                                                                                                                  SHA-512:1A4D9EEB58F3B08C6E5C5B010F707AB01615B73AAA3526E49CC38C34CBD16F4A5AD2E9F825ED8D0EFBE50D3DEDBBC54A92E1AC940C807C86C279C01EF4B61B9A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{f.........."..................o^........@..........................................`...........................................S......VW.T.... ..p.......6I.............L...0.I.......................I.(.......@............lW.....0.S......................text............................... ..`.rdata..............................@..@.data... .H..P[..\...2[.............@....pdata...6I.....8I...e.............@..@.gxfg...PB...0...D.................@..@.retplne.................................rodata............................. ..`.tls................................@...CPADinfo8............&..............@...LZMADEC..............(.............. ..`_RDATA...............:..............@..@malloc_h.............<.............. ..`prot.................>..............@..@.rsrc...p.... .......@..............@..@.reloc..L..........................@..B................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:PNG image data, 182 x 130, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):293590
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.9712039008948565
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:+f+2PH0Vf+jxRzaNx+XtKnQrKavUdFDgfj62DhB4du93zBM5svb5jPUu1:+mqUSxoNktKeCcL6uhBQu93zK5svNzUS
                                                                                                                                                                                                                                                                                                  MD5:7D91F355E2E24AADD090234231D6CF34
                                                                                                                                                                                                                                                                                                  SHA1:0556EE392C25BC6954DC35F10E8BA2D352EDF5E1
                                                                                                                                                                                                                                                                                                  SHA-256:5E666115617D5A25232D9B943E42B6324072BBD59FCFF627AAF979ABDEB2F9CA
                                                                                                                                                                                                                                                                                                  SHA-512:A2B67E1DF109E54B84AD83CB748A5E896939E7AEF10B16D708657C4497E151FEEB841BEC063F0469BDCD9410F3AA6E53FD932BE2262036DD69AFD9F1577FDDDB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1096
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                                                                                                  MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                                                                                                  SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                                                                                                  SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                                                                                                  SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9453630
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7764843234558665
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:h+QQf6Ox6x5n1nZwReXe1GmfL6k6T6W6r656+eGj/dBIp+:oAZeGLp
                                                                                                                                                                                                                                                                                                  MD5:AAEA51A605688FCB2F178FD60E4CA64C
                                                                                                                                                                                                                                                                                                  SHA1:69D4791BF3CFEDB68BC4D8F766878103578171CB
                                                                                                                                                                                                                                                                                                  SHA-256:96837A4A521A61BD3D34F2F660E29902D228AAEC501EEB2A84403F1926C3DF9D
                                                                                                                                                                                                                                                                                                  SHA-512:D328BF2F9FF7372A716A09E5882B9E3C0051B0135412B3258453085DB1DE2C7699C8AAE24EDFACA7798F468802DB975977C9976E19FCA84FFFE884BF8594C33E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<label class="show show-all" tabindex="0">.<input type="checkbox" hidden>.</label>.<div class="open-sourced">. Chromium software is made available as source code. <a href="https://source.chromium.org/chromium">here</a>..</div>..<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<labe
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):151856
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.916234678329522
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:iz8JCGIdkwTPaNkx0auKdL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:iz81Idk8aqT5K18Gb0OV8ld0GecQ3Er2
                                                                                                                                                                                                                                                                                                  MD5:CB4F128469CD84711ED1C9C02212C7A8
                                                                                                                                                                                                                                                                                                  SHA1:8AE60303BE80B74163D5C4132DE4A465A1EAFC52
                                                                                                                                                                                                                                                                                                  SHA-256:7DD5485DEF22A53C0635EFDF8AE900F147EC8C8A22B9ED71C24668075DD605D3
                                                                                                                                                                                                                                                                                                  SHA-512:0F0FEBE4EE321EB09D6A841FE3460D1F5B657B449058653111E7D0F7A9F36620B3D30369E367235948529409A6CE0CE625AEDE0C61B60926DEC4D2C308306277
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):228784
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.9464015763250755
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:3DQYajN6svyABnI86fTugx5GMRejnbdZnVE6YoppO4:cfjN6svyABOa6edhVELoXO4
                                                                                                                                                                                                                                                                                                  MD5:E9C1423FE5D139A4C88BA8B107573536
                                                                                                                                                                                                                                                                                                  SHA1:46D3EFE892044761F19844C4C4B8F9576F9CA43E
                                                                                                                                                                                                                                                                                                  SHA-256:2408969599D3953AAE2FB36008E4D0711E30D0BC86FB4D03F8B0577D43C649FA
                                                                                                                                                                                                                                                                                                  SHA-512:ABF8D4341C6DE9C722168D0A9CF7D9BAC5F491E1C9BEDFE10B69096DCC2EF2CD08FF4D0E7C9B499C9D1F45FDB053EAFC31ADD39D13C8287760F9304AF0727BF4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4916728
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.398031738914566
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
                                                                                                                                                                                                                                                                                                  MD5:A7B7470C347F84365FFE1B2072B4F95C
                                                                                                                                                                                                                                                                                                  SHA1:57A96F6FB326BA65B7F7016242132B3F9464C7A3
                                                                                                                                                                                                                                                                                                  SHA-256:AF7B99BE1B8770C0E4D18E43B04E81D11BDEB667FA6B07ADE7A88F4C5676BF9A
                                                                                                                                                                                                                                                                                                  SHA-512:83391A219631F750499FD9642D59EC80FB377C378997B302D10762E83325551BB97C1086B181FFF0521B1CA933E518EAB71A44A3578A23691F215EBB1DCE463D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d.....Ne.........." ......8..........<).......................................K......JK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2682880
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.69855228212799
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:h1nRu1gjn93AXtsX7I8g4AScbz6Ox+pen6yfmb+ST1PqRrYI:hJsf83Sn6Ox+tP5I
                                                                                                                                                                                                                                                                                                  MD5:B254FBA5644B75C0C11D3FC20E994768
                                                                                                                                                                                                                                                                                                  SHA1:8A70D0AD2FE3219313635DB53015F433252E992F
                                                                                                                                                                                                                                                                                                  SHA-256:16E9D42C754149DD0F275A022AAE857347C9276DAC3372EBCD746911A9B45A89
                                                                                                                                                                                                                                                                                                  SHA-512:64F5721128667EF199449BE749533E1DE1B39D7113FA3CCFE4D83C5EA2D381B188F988E27B423EE3FB1BEB43204179563A5147077BFA069C8D2A689115B8C808
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{f.........." .....* ...................................................7...........`A..........................................'......$'.(.............5.l.............6.85..,.&.......................&.(....I .@...........0('.8............................text....) ......* ................. ..`.rdata.......@ ....... .............@..@.data.........'.."....'.............@....pdata..l.....5.......'.............@..@.gxfg....,...`6.......(.............@..@.retplne......6.......(..................tls..........6.......(.............@..._RDATA........6.......(.............@..@.reloc..85....6..6....(.............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):180356608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.75470899510127
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1572864:LSl+fyef/Uzaajg8s20fFbu2/zi9Gd7ePKro1yjrWR5xWVFYxNxOLh:texNoL
                                                                                                                                                                                                                                                                                                  MD5:F877855851D8A48ADC29431B6B46A3B7
                                                                                                                                                                                                                                                                                                  SHA1:6103FE440D8C9D3FBD9EA15254DE40348B39DC96
                                                                                                                                                                                                                                                                                                  SHA-256:5048CB9AB6308A62DE9BA1F8C43533F80EDE6831B171DEDB9E65A94E64456488
                                                                                                                                                                                                                                                                                                  SHA-512:1A4D9EEB58F3B08C6E5C5B010F707AB01615B73AAA3526E49CC38C34CBD16F4A5AD2E9F825ED8D0EFBE50D3DEDBBC54A92E1AC940C807C86C279C01EF4B61B9A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{f.........."..................o^........@..........................................`...........................................S......VW.T.... ..p.......6I.............L...0.I.......................I.(.......@............lW.....0.S......................text............................... ..`.rdata..............................@..@.data... .H..P[..\...2[.............@....pdata...6I.....8I...e.............@..@.gxfg...PB...0...D.................@..@.retplne.................................rodata............................. ..`.tls................................@...CPADinfo8............&..............@...LZMADEC..............(.............. ..`_RDATA...............:..............@..@malloc_h.............<.............. ..`prot.................>..............@..@.rsrc...p.... .......@..............@..@.reloc..L..........................@..B................
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):10468208
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.265606239082294
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:196608:+SPBhORiYAXHiXUxY/iJ53IWhlVjEeIu2Y6U:++wkpHiXUxY/iJ53IWhlVjEeIZU
                                                                                                                                                                                                                                                                                                  MD5:FFD67C1E24CB35DC109A24024B1BA7EC
                                                                                                                                                                                                                                                                                                  SHA1:99F545BC396878C7A53E98A79017D9531AF7C1F5
                                                                                                                                                                                                                                                                                                  SHA-256:9AE98C06CBB0EA43C5CD6B5725310C008C65E46072421A1118CB88E1DE9A8B92
                                                                                                                                                                                                                                                                                                  SHA-512:E1A865E685D2D3BACD0916D4238A79462519D887FEB273A251120BB6AF2B4481D025F3B21CE9A1A95A49371A0AA3ECF072175BA756974E831DBFDE1F0FEAEB79
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):481280
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.374262668832592
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:ami12qlTgeUDsnkcM2nDl83BgENhYCqNefY24M:amk2qxgeUDsNnDcgENhYRNefU
                                                                                                                                                                                                                                                                                                  MD5:08418976FB4B5A7584DFCF8D68BEDFF0
                                                                                                                                                                                                                                                                                                  SHA1:715E6858009673A77BD5C35626FC3E69E0046ECD
                                                                                                                                                                                                                                                                                                  SHA-256:5E36BBCB31385EDCE0CBECBF7829EB17B7FEE1ED937315ED8239ADA9E55AEEBE
                                                                                                                                                                                                                                                                                                  SHA-512:A7B7614020B39192024B1B72613A48FCC699D017DA6FBEF19EBE918392B9A53B23ABAFB86EBFB2909BD2BA8303ABE9BBFA4CBAFEC5DB05362B880131B73A00F8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8049152
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.506048963307863
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:98304:RuHidcXlatDySs2lSxm2v/n6gc51XC3tOTB:RukAgttYHnBymt2
                                                                                                                                                                                                                                                                                                  MD5:F41F64CBB9859F94B1A18E2A53AA7EE9
                                                                                                                                                                                                                                                                                                  SHA1:F977C9B33DAC2CA67DFA6DC882801E19527A8AF8
                                                                                                                                                                                                                                                                                                  SHA-256:8ECF46FFEF76C1EA0B37168BF4D6C7F3311DDB9479D345BD1066AA2466200B24
                                                                                                                                                                                                                                                                                                  SHA-512:A6982AC2C7D5EC63647AE0238B0DCC80C67B1CB6CACAABBE5C81F47C9DE9633FAB2D3026EB3F089A7A3932713E91B1347ADBAE98CA3E29E968668D8946D6EB2B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):506356
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.4104262865120925
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:VoFfnK2L9o38a6qyC/GT3q+62+H2JynwaD4IJzio0vpI5gJ2aU+tBHr+21s9YqpQ:VoZK2L9osa6qV/Sa+62+H2JynwaD4IJS
                                                                                                                                                                                                                                                                                                  MD5:E48860FE82EF022FFAB38CBC4C96DFFC
                                                                                                                                                                                                                                                                                                  SHA1:A832FA66BFDDABF3AE7F219CF379F66D2903162A
                                                                                                                                                                                                                                                                                                  SHA-256:E2470090A09CA500679E68BB5E3B1ACC35A5873FEA4F93AF25A23C82122F2C13
                                                                                                                                                                                                                                                                                                  SHA-512:E4D0973CA7E59091C482D2ACC384AA48EC87D3CE72D8D42A03A183B230FD209E085A4E907473A05D02D41E15EBC527DF942774C23B4804C150367FCD727AF7B1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):818902
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.888102842697675
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:O3iPSTZhZyOqxlVGZj+WRez7I5zYiMBgVTq+XG/6+7qPZx:O3iP45V
                                                                                                                                                                                                                                                                                                  MD5:5D55F8A437E65DD7962337857E78970B
                                                                                                                                                                                                                                                                                                  SHA1:B83D6A98718459951DC9272344CFDE8F1291C05B
                                                                                                                                                                                                                                                                                                  SHA-256:F7D24B9CD21562665BA250CAEE9C280A1C95EFEA4B5F37D1AFDD36C369A61B87
                                                                                                                                                                                                                                                                                                  SHA-512:02CB8B52A58DAE796DECBFF871C45311396B29A7BA1737320B73C817CB3C417C447169940148958D7B741456B009C08461FB43F89A3A0205606FB407579341FF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):895310
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.91367700242768
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:4xo83mqeBjhS/l/RecEX4YvPU5pb3k8O5QNpJQKDBAGB:r9vH5mQi
                                                                                                                                                                                                                                                                                                  MD5:C49F4AFCA050466AF21212E88860F8FE
                                                                                                                                                                                                                                                                                                  SHA1:ADDDF85EA75A24B92F1FCC4FE07A81A35D08F2C4
                                                                                                                                                                                                                                                                                                  SHA-256:11DF77DE069364D7F0E2B42FD2B7291ABD8DA5E4FA2D69A1B82C12A98A89DD00
                                                                                                                                                                                                                                                                                                  SHA-512:6060D96A59E424F9A630E70EFCED6866C074F8BF0C89273A28F9766E8C2B625BC80EA5C691A8C33C1F11A3CF1C4D34D96CDACB19A2CA61B61FCD45365D138843
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):935663
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6599828103801215
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:7wCIvq65SLYazQkEC/UTVbOVHv373ZfM3aAKZyVDuZWlumpfd2yo5ybXFRoZQ8Eu:7wCIvq65SLYn+UTVbOVHv373ZE3adyVM
                                                                                                                                                                                                                                                                                                  MD5:E6608ECC589E87A6F78F9CE553EC2609
                                                                                                                                                                                                                                                                                                  SHA1:9FDB2FF6291549DF773BA243B3A92B984B15BDF6
                                                                                                                                                                                                                                                                                                  SHA-256:97EF7984074775282B68DCA5D5A469EFDB2B22474EE6669FDFB5197D3F1B3768
                                                                                                                                                                                                                                                                                                  SHA-512:25450B23ACC962BE85977EF08BE9B484C2A9127775039C521158C1801CD57D5781BCD8D5B8784F8A8B9403CE44B59964A20DBE36CE181F1D239143B22B53D5E2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1205172
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.277979519576092
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:8JwgtHnTLCGplsOmf9MCxQ6v2cq/jOxdCfYa6CHXk1cCrWBbY0QH5qYsqvA1:8SuHzsOmlMCxQG8HXycCrWBbs5Iqm
                                                                                                                                                                                                                                                                                                  MD5:E9D2D6A60E167AD6FC9617B3F82247F2
                                                                                                                                                                                                                                                                                                  SHA1:3D028CC6B04EB6879A5C01FA24F280FBA43A656F
                                                                                                                                                                                                                                                                                                  SHA-256:E3F2A4B955B9A701829CD71D22BDCC562A67BC7926A3A349D99DFA2C5863BDF5
                                                                                                                                                                                                                                                                                                  SHA-512:E588EB68B853B9D39A483081B7D622DC3D7D4EEA0292BF15E8462F4FB3936BD803A3F077C3583A93DE42468CF53FA1898625E11A4E358729F50136F818D2C7F3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):569413
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.404657940416652
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:dgL4QcTF7tRE1DFCieke3Rj5PqF4N3Mw2juwHzejm0t3lvyb1TDn/RCHYwjcXI2/:LQcxkosfRUhGiMNb5z753Urab
                                                                                                                                                                                                                                                                                                  MD5:FDD32FB8D60970C06F035D0A53B98B38
                                                                                                                                                                                                                                                                                                  SHA1:94383310103E0C282EFD3A21ABFAD0C03C7C0E8A
                                                                                                                                                                                                                                                                                                  SHA-256:C178611C586DEEFDAA2F202981B84E75B8400908BC5FFFC65226A06AF0790536
                                                                                                                                                                                                                                                                                                  SHA-512:BDAF100993BEFEA78E6B6E5173A6249A36D6DC1C3F325ABE0476BBCE3AB243ABF34333B289C86E56A25F3913922C64BE20B7CBF8A5B586AB6CBA152DD318A96A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):585751
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.84253375707667
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:uo5vBQefQ3M0eqcZRnYAyeB2AC3O58QCoMbdNOlfzSBlpByI8Q8:uQv5f6Bdu9YAySv58QCoMbdNOZzSnpBI
                                                                                                                                                                                                                                                                                                  MD5:3607F223A1FDD2D016FA7A3761F26C54
                                                                                                                                                                                                                                                                                                  SHA1:90A50FEA74A4982ABBA1AE86CDB08533D4180325
                                                                                                                                                                                                                                                                                                  SHA-256:85699626522C2A8EB1EFA3354C570057C3F665217D9D02A5D366A7C9048DB59C
                                                                                                                                                                                                                                                                                                  SHA-512:80D5230FCA6398732B8003BBC73200C724682D05A743572997323CBAD2F43DE483E7840DAA748E069404D5FEF84A48958254C49EDB799742822C499990E2B85B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):530871
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.450904981636458
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:gHUipklzVZs15uHV9D1se8KnwlQGyJwiVobR/0aHtG5Vxvdet+id4YF7wv:Q1/EVCKRWo5VtdY8
                                                                                                                                                                                                                                                                                                  MD5:C22B2477E29DDBD8BCF1DF1B51B738A5
                                                                                                                                                                                                                                                                                                  SHA1:482F5591E4938EE86AB2C2339FE63ED84D17EA8D
                                                                                                                                                                                                                                                                                                  SHA-256:4738F526D617A8EAE389E239925019BA73A7AB9D584F512B5E1000C9C3E81AF6
                                                                                                                                                                                                                                                                                                  SHA-512:CB23D13AB54DE8B232530EF5B9AC8AEA6BE942C32375323C5A88438AB79860D5B38C94642A35F2A42BE233DCF3D1F1D7FF7E2675DE9DAABABDFBD27B73B90FA9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):566523
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.503240296026186
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:rq/e7W6+3K7Up8gOaA93xt5RMDUQ+/CO3:rlq6+3K7Up8gOaAVb5RMDWCO3
                                                                                                                                                                                                                                                                                                  MD5:6DE9BCF029337BFE81B33330656CA93D
                                                                                                                                                                                                                                                                                                  SHA1:86D5E78294CE9250168472F856151065E6293A4D
                                                                                                                                                                                                                                                                                                  SHA-256:59B1BF63164F7B70CDE67D98334F1C9C068C2117EBDE8B81A6813580E24B4C2F
                                                                                                                                                                                                                                                                                                  SHA-512:C38CD4A1935481206B82EEEEE171F8428E960D778AEF261B0829624D7717D6DF6CBE39D866BC4E4C9B6F9C6502E092E2DDF9671F6B65C7DB01966170DB65047A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1026214
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.744029977766451
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:Kt3lYcaPdGgxh1hxFGiYX9wK8JXDsSamqHB3D2Np6Wkj1m1mVT8yiRNQKPCt2rDQ:0YcaPdGgxh1hxFGiYX9wK8JXDsSamqHn
                                                                                                                                                                                                                                                                                                  MD5:F86FEBA0F29BACAE666E5DAF69C99C3F
                                                                                                                                                                                                                                                                                                  SHA1:4B1A3CD58E455D9C9A8E6CA9EA8E26556295642E
                                                                                                                                                                                                                                                                                                  SHA-256:6A2DB5D60532C50501F247773AA225CC463772925FEDD6959AF4F64D69BCFE33
                                                                                                                                                                                                                                                                                                  SHA-512:745F9C7224253F13090B6CCDADB629E3920F601A2CBA05939C372A30C3D05B93E7912B709F02B4C312FACDD044969804B8E221A53B4AFB5D725B6D08D54B9102
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):461229
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.519769884527008
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:2zyvXgRSCd98ZxE+J1RMP9ePsHjfaYIx556S5xTxVBctRVod:9oRSCdaZxdRMwsHO95NxZd
                                                                                                                                                                                                                                                                                                  MD5:5AB73DB0270109C3331B6026A6AF105C
                                                                                                                                                                                                                                                                                                  SHA1:AC4CE9AC70CD9D69580E21919AEFC4AA98D7EFB3
                                                                                                                                                                                                                                                                                                  SHA-256:210E37E95D20F65A0D414EFEEA4A2BF2929C6D58C0C69F6B6E78742AB07BF09B
                                                                                                                                                                                                                                                                                                  SHA-512:EB70D001A5AC01144124F807AF033B1618EBDA032DE62B7565CCB2F64DD2CED003AF6922313E192934EC93ED23003324A3E03BEAB88E68F177D689632ABBAB52
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):464974
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.5133153950471625
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:4UiY4OkDkhhA/4muMP9e2qDWfaYe1Vcg5xdxOng5H/thTwB:4I4BDkhhYuM9qDvn5zxZTwB
                                                                                                                                                                                                                                                                                                  MD5:9BCE1A4C9A06D63E8B4F7EB40535C080
                                                                                                                                                                                                                                                                                                  SHA1:11BC263876228D22B0BEE57C6BA80C523C79E5CC
                                                                                                                                                                                                                                                                                                  SHA-256:0013A8EFED8A17A93B0E718FB41652B8A2A6ED38128575CEE89A258134167E41
                                                                                                                                                                                                                                                                                                  SHA-512:B6D1EA3A81CB1B32EBA16A1CB4F337CBD15F28EFEA1E31EBF12EFB795C33F6EEA70ABBFA4FED1B241103A8F0865CB2DD138DB598C9CFBDCE34497D46119E7566
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):560448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.37097339675972
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:Q3vIhrXtsE/nPzAg9puYdwqro8U5zivZ+XYidR:hScnfpoq65ziB+FR
                                                                                                                                                                                                                                                                                                  MD5:BF24B0E8F3B5216A513D43E2C02D30E0
                                                                                                                                                                                                                                                                                                  SHA1:53B76E36C7FF1D3D7B3B0C782C9933EF1FA5D0E3
                                                                                                                                                                                                                                                                                                  SHA-256:DD5FD63219FD11DA697687B6DDEAAB517109D2395762088C41C19573E7EDFE0E
                                                                                                                                                                                                                                                                                                  SHA-512:F5C5332717B3AB7F93BAB35D20770883D4D4979E89CACC64254FF5D7EC884A48AC70273F47CB1362097F273762B746FD0548C7F9A6979B464419A05C93455E35
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):560249
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.350356549459043
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:jXKFTLLUUjE5kHYc1RDVFa7bg0Hzp3+mc8uM53xnjJ5Jp2dCFTZ6PZcHu:7KFjnjZY+xFcTp48uMDnjJ5H2gFzO
                                                                                                                                                                                                                                                                                                  MD5:2696CC5AC92DD8A0E1E4B5C9A3A32753
                                                                                                                                                                                                                                                                                                  SHA1:93EEFACD6EA18C207B048F77BF0D53A7DFC86F03
                                                                                                                                                                                                                                                                                                  SHA-256:4746786F79756EA842CD76A7D9C6FF8AE5D23E46D8CD40C95052C575B8240E68
                                                                                                                                                                                                                                                                                                  SHA-512:C1E33A47A4766393A9B980286C79F626BAA080C8CD9EA51874B7EE756426AF65921BC705071E94FB7A93856EFB457B880CEEADBD77543D650C39E64BE52DC3EF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):509761
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.452749115455494
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:qICqnHGBIeqayJ1HNR5oSPg+syn/Fb0smFoLSdDWA/P5io50WxH5vMJRyiCKMLa4:q0HKIeFQoWkSpmFoaMWxH5vMNW
                                                                                                                                                                                                                                                                                                  MD5:C0610F85A202BCA2F540756ACE2323E7
                                                                                                                                                                                                                                                                                                  SHA1:F770E638E59FDD47484CA51F1C1F42CD933616CA
                                                                                                                                                                                                                                                                                                  SHA-256:77822B71398A329C43B57D9D8C0B27FFF7F30C3A35FBD7850161549A23B0B9B2
                                                                                                                                                                                                                                                                                                  SHA-512:386B65CE118EE0602DFD195290F922C5ABB7B38BF974B04EE4477F765D507CB4C41A0B443930ECA2AAE5B4E1DE23D8013BA241EBBB99713DA4D26DF46E9AA29C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):833279
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.03186703355852
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:2y/8u313uyqoT+seq+LRmX1loTUOmdAQifaQ2XxFMJGk62YhwdrigHMX4qOzUrW8:IM5Hz
                                                                                                                                                                                                                                                                                                  MD5:5D6D99538A4398EFEB90C4DF580212BE
                                                                                                                                                                                                                                                                                                  SHA1:0FE2ECBAA598A967E2E772EE2C0257ACBD5497B9
                                                                                                                                                                                                                                                                                                  SHA-256:FEE6BD019B4FDF35B3012317595DF9BABFF11215DD5ADBA9841AA3DD92F47F5D
                                                                                                                                                                                                                                                                                                  SHA-512:04204D1835A2D9CD06AEF30D1932037C2CCAB1EF60F383AA8D7A07168AFA0C723C29EB7DEEE864F47B975AB7B37FB6AC0BFD79FDFB1A18A7553BADF38D4D66E1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):520334
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.422792193502567
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:hjtSFHk5y19uAA8r87LSzrFSrRUysLk+hOEcraV2LN5RwgUH06nIp0Wac9ondnHa:y5Gy19nAPWFIaW5RwgUU6nIp0Waq/jYM
                                                                                                                                                                                                                                                                                                  MD5:6D7AADDB1365B3EFEE94D4C510A3002E
                                                                                                                                                                                                                                                                                                  SHA1:2A970204894C5AC163C980EC0FAC2DBD1711E5B5
                                                                                                                                                                                                                                                                                                  SHA-256:11B0B9B0F74D01F16DB7AA49BE9DCEEB55FDE9DA56F17419C4BCA159CDCAE274
                                                                                                                                                                                                                                                                                                  SHA-512:F44BAB9CEE552DDDAC17D4AC1949870943CF138B3FDB0E649E8827ACB6DE9528DD9CF738757E5B495587E165D1C750B8BCC6205BDD029A01EB92AECAB22BA49F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):587316
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.201691175706959
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:KoCySmeMLtmQ3zGvjQypDQFLCH2MYFGTdmb5SYw7jMoQcAsNqK:KcRmQjMcb547/
                                                                                                                                                                                                                                                                                                  MD5:C744B92C8FEFF1C026034F214DA59ACA
                                                                                                                                                                                                                                                                                                  SHA1:95780D3374841EFDBC0D8A46CDDC46BB860A26E0
                                                                                                                                                                                                                                                                                                  SHA-256:D7FDC7FD08DCC421BC8AAAE3FDC72599C60A3B96F05989A3E46736F0DE06E745
                                                                                                                                                                                                                                                                                                  SHA-512:EEEFC73474642E75DA61056F2841E7CFEB8D8475BE55A39852DFE7DE8A972F7D86E9D1DF4614B3CA3AE4FB01B68E5CED664BC8E46CCFC94F44B06E29A5035B43
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):605475
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.383573012017978
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:NFVbOFvgBcjZLqyluvpTZF6QuaMVWXKzDtSlZsZFMYnYFfLh9ujzl4m8zxpJSWt4:NTZBfVUVVh5Pt
                                                                                                                                                                                                                                                                                                  MD5:FC3126E1954F9F7AAAFDA5BC8803C738
                                                                                                                                                                                                                                                                                                  SHA1:3F841E1253B3B10B119E4C8B61A1C5D7B37AFA03
                                                                                                                                                                                                                                                                                                  SHA-256:5359B6AC89633BF22E06247B925B347E0328277A3717BF486BA916E2069364F8
                                                                                                                                                                                                                                                                                                  SHA-512:FE8E16524D4B6CC09499E9E15A8FCE0CB17C8786FD562F010A508FB248133983E50BE5A4C848851FD45BEA06AF2E291E35129C880710E214324910FEDCF17A8D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1185869
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3153468445677
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:l70V+mcpemvwy2y0mM1VKIajZkkq4kkpyAfIwjAwREJKVMjNiT7llj63rFulPCpQ:KV2XPu11VKsLku0jNl55qshZ1XFR
                                                                                                                                                                                                                                                                                                  MD5:293CCBBA46B70D394C83C52048A55271
                                                                                                                                                                                                                                                                                                  SHA1:646207820C57277A84D5AE0D25564539B9ACC837
                                                                                                                                                                                                                                                                                                  SHA-256:A45DAD53748632E8AE1632AEED12B45D259155A1211921A4A8804791AC68AFF4
                                                                                                                                                                                                                                                                                                  SHA-512:19F3A2404DF1BCE7D6F7849BD6F57393DEBD567D18F5206512AC4C1E64578D992AB3A98F091FAD7B0F13FA323620B1A04E0643A0A32F67B8AFEE0C56407D5F12
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):730564
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.619748763379673
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:PY5uhQh43XyfhR5ir+yc/fWqu/DK6oiACpXbDeQCajL5n6ltE+t+hO5xNmm++nA+:WaPz5b+l
                                                                                                                                                                                                                                                                                                  MD5:A4C49DE130CC39EC8454A03171E0AF2E
                                                                                                                                                                                                                                                                                                  SHA1:BE70FC9C3096FDE83E90A78DEA655D4F20DB545E
                                                                                                                                                                                                                                                                                                  SHA-256:1713E7CD1B63853068D3A8CB15D8C11DA417ACE8BE914C27789086726C40DA94
                                                                                                                                                                                                                                                                                                  SHA-512:A8855E65850364E488EA047489108BD133CC280FF6AA689E5A409C6C46A138F8D3209B9650557D9E47E62217230D89D5DB71D256C52100C169493364CC4EA894
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1250560
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.291126463889443
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:aIUktjYfySfdhIOy73ZV/BB0ZV1dKuxlRLiW3VTOEOTByntDPtDlYpRYs4fe/8vk:a/EYfymw3rM5eKKh+y
                                                                                                                                                                                                                                                                                                  MD5:4490D4405A67B430132B4364118A8CEF
                                                                                                                                                                                                                                                                                                  SHA1:D8EB69606F28700DC764A7108D547B6EAFDA2FD8
                                                                                                                                                                                                                                                                                                  SHA-256:18D6DB4EE11DE42D038E718EA1C565AE48B50747BE29894DE2E191D63D9C9A04
                                                                                                                                                                                                                                                                                                  SHA-512:17A61AAA49700C4D28AA581D558EFACF58243F52792E97DF139F47DA79BF807AFF55C497B3972F0E66BB12773B51A4D47339F91EC6982118D15F1B4E10131FB7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):564848
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.510732589882541
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:SYfIJPJGp2Xbs/kex1s62OwaBV08H0rxy+wezXgr0wB+6hRQ6OSAqy1pYpvd0uP2:SGosp2LER2kiXwXxhAhR25jhYe3RkMK
                                                                                                                                                                                                                                                                                                  MD5:D71FE557583C8DF4ED043233B9C2BF19
                                                                                                                                                                                                                                                                                                  SHA1:A7C86BA07A8465888B17BA1B7B9C212C28E6D989
                                                                                                                                                                                                                                                                                                  SHA-256:723C65592D15311D33FE35B2865849CCCFFBBF58A280859AF972C77DF96E14D0
                                                                                                                                                                                                                                                                                                  SHA-512:D4A98E9D3C80D3CF1B71D3E63FA402462ED06E65CC7449D7253064D7B913140D49DA8D01BC45D5A6751DFEAED751DBFA4205D7F14A6E10F746783896E262310F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):609356
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.637090744563754
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:Fr5gRptZU80LM9rHs21fNAAbkit2V5RlVFZfpAaYGN2enVeWvRwnjDi54RYsR1tl:F29y/SAjV5RlV28HJd5kA7S
                                                                                                                                                                                                                                                                                                  MD5:2515BB367F56F282657B3DD3B9FFCBC3
                                                                                                                                                                                                                                                                                                  SHA1:8CC350E359F1CFEFDF0CE3B016109DD483D45A8E
                                                                                                                                                                                                                                                                                                  SHA-256:B4E6A1135DE8BDC42C04F4DB4EB1CE48256F18EB46A5146A21010B6165A90E7A
                                                                                                                                                                                                                                                                                                  SHA-512:779A77B3380F08DFB1D1E9BD65806F3D5AB56619D040BD6ECC9726C17944F4D0C3A619EDEE06D638549250FBF4C6A2BE46CD6196A3A8862D184A68D45D6F6D72
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):502641
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.37827588749491
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:9kLEQ8KEQMlk0YVRwlxD5uQgif+eVnjHF7TmiZIPk5V3pmwkK53vCqHi4pH7:7cDMYVyXDhgKVnjHF/m8Ic5V3pl7
                                                                                                                                                                                                                                                                                                  MD5:766E11F881396ECD982F0B9DFEB0675D
                                                                                                                                                                                                                                                                                                  SHA1:210812C8C853AE2CED85AA8486E9872844201ADD
                                                                                                                                                                                                                                                                                                  SHA-256:E95AC873B16983EF8A9019FC7141BD56315E082F531D37C5B8377645226FE5EE
                                                                                                                                                                                                                                                                                                  SHA-512:FAB3AB4E70137CFE73F883A407F40D6B22AFD2461BFDCCAD720FB4E3E37B50C56CAE61FFD8044F6DC463CB8CBFA03BE989AB42304A29FF9432A6588580D31C87
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):552524
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.290672728769294
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:STns32kZ6S7fjORLDrwTx92/Fzw6N8uESIqRRRsO1St7VjRT9TjeUaCnfxLUAppC:usGu7qRffelZii8lZT91q8/5FZIm
                                                                                                                                                                                                                                                                                                  MD5:94C772C21818F1DF64179D69695A89FB
                                                                                                                                                                                                                                                                                                  SHA1:54CA1A6639F92F9D43CFE2ADAA3EAC2F1764292C
                                                                                                                                                                                                                                                                                                  SHA-256:E950434E4449EDEC533BB63801A8AFFE17CDA7BB998B7F9FE06BE15E7E94111B
                                                                                                                                                                                                                                                                                                  SHA-512:078F14CB61BA69D2904DD9FC1946A053866A47741CBD7D6A336E4B39749C21BD8D1D096BD832B6864D15E0E142014F23F347BA082DCC0D2164468DCFD3E4615F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):675328
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.689620745302511
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:Khxu5BDUhWxXgLA9NlW1XpZaQ2dVBbq5zNpeV7:KW5S2gsmXpZaQ2dVo5zNI
                                                                                                                                                                                                                                                                                                  MD5:60ADA5B3E95889528B622A3114F22486
                                                                                                                                                                                                                                                                                                  SHA1:49BC42C12D0645E7D117E0A8B375754B04592AC2
                                                                                                                                                                                                                                                                                                  SHA-256:C1FB05D866C06DB03B724EF009C04657B2C7EF007535A62DBA48CED5194C68A7
                                                                                                                                                                                                                                                                                                  SHA-512:4CB242E9639D91B10D4E6BCA9F24780BE4AF9E7E924AEFB5A848E2E0976650F90C7DB396AA3F5DE0C229D36CB07F374AD0DD1A08E0BF7994AC14081407DBF5A1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1357060
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.227491794306582
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:77Ovbgsg9Q6tD4QOnyFUIM77K5OPWO4Da1bjr:77eMdb5UW0
                                                                                                                                                                                                                                                                                                  MD5:AEC8FA9A9EA42F94D898604B59CA4B3E
                                                                                                                                                                                                                                                                                                  SHA1:70B799613633B6A0B96F03986C2531878ADE2779
                                                                                                                                                                                                                                                                                                  SHA-256:489F28751B99ADBF43BF34D571F07B24FE9C3685F6E3D5A0B1703C443C6D4963
                                                                                                                                                                                                                                                                                                  SHA-512:E788A0BE98B0AD83E21FDADBF704FE1E3F80EB129A41F553A835147EFD2D2499077A44500FD37E7FD1EF1869D7ED4F1669CCB842EC763F9F2B0B15DE1FFA1779
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):570460
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.060524950225244
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:BnxekHvBTptS2NHOXTTSIyxxMSAG0GlzRXfwj30t8OQ4E3heOGY5yCqhog/75d6P:/vxIYr51KeHXU
                                                                                                                                                                                                                                                                                                  MD5:BB86F92AAFA4FA6A5A43DC836C51CB2A
                                                                                                                                                                                                                                                                                                  SHA1:8ECC78B69ADE046F6BB18529682A800596484B84
                                                                                                                                                                                                                                                                                                  SHA-256:7234A1390377451087A764BD31C817A5CE6695FA517119E7DCCBA642FAC65E43
                                                                                                                                                                                                                                                                                                  SHA-512:1CFA9AFAB366518F6E13C8ED4CE8ADDB3984E360263412486B7920F4B20C35B3E9DD7479B09FA879942E83BC112C6E9FCC70A56B72F261540648C2FECA2AD4B4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):611793
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.633524979263792
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:zT2knvNMLM8rPedJaH9qs50zjGwaRpw6SNM:71M5KVs5KGdRpr
                                                                                                                                                                                                                                                                                                  MD5:20906AEC4A21BCBB8BC8BAB067075BA6
                                                                                                                                                                                                                                                                                                  SHA1:369DA9C1567D4376852CEBDB87CD9213DC4BD321
                                                                                                                                                                                                                                                                                                  SHA-256:A1257D10E673311747363E6929832E70F36668B1FC0D6A5DDD550FE88007AA58
                                                                                                                                                                                                                                                                                                  SHA-512:8D1EE40BFF980B889AF83B95FA408BDDF2FF5D257F532D2DA46BFC3DDBCC31B9CF14B473FDFCA1A574C0316FD689A424AE241E9BCC533B7DFE0C7203D4B252FE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):611059
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.633522991400227
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:hCNXccv2Js+zNy8JSvHkf5mF4TV5AzYg19:hCNc++zNy8JSPkf5mFTzR19
                                                                                                                                                                                                                                                                                                  MD5:9F9D09B8E8B943733574C32E924CC834
                                                                                                                                                                                                                                                                                                  SHA1:CD68A843884AEC9EEBA36A287902E5B39F128F82
                                                                                                                                                                                                                                                                                                  SHA-256:3E3C9953E679F391167A5D5536A4ACE4D56558909AC8AD5B9F08650254D99F40
                                                                                                                                                                                                                                                                                                  SHA-512:8062EC8F8CA2507AC8E10D0A9A8A76AB02FEAB8993989043DBDFCE3807D216087017ED14E6E9F52D87A2DEB87AE5A69393E5D6C6963472ED98ECB22FC45D594E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1413052
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.262019285616336
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:mYgMymmzA2cMmsbbAUPudxMIMZxn9mMw6NQ6KfGBP1tXn1hv21ctD3eDhj5oY65P:4RKuKfGBP1tX3tD3e55oY6bXaS3t
                                                                                                                                                                                                                                                                                                  MD5:F7EC992CD07CBBF50C8A41FDD5C2A1CF
                                                                                                                                                                                                                                                                                                  SHA1:CFE7C3C09D8A070CF4E9F7030E4CC77AD330D46A
                                                                                                                                                                                                                                                                                                  SHA-256:520D60E6F297E8273113E8C73AA90AA026A75098F38175B22BD4B8FA761EB2E4
                                                                                                                                                                                                                                                                                                  SHA-512:9087ADC7955A03D32449DE873071752874A674B15B50CCD5CD82B2460D153B4E843FA18C4133B67AA0F238C46D0F86E156E41190FD5563E7BD8EE18B4EF8E292
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1163258
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.291083673562533
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:b17lQq7uu0DacX+KZmCneDsQcVgL5UmGQ0I:bB2q730DacX/ZHeDsQcVs5UmGQ0I
                                                                                                                                                                                                                                                                                                  MD5:649E76B6666096A2258B942745FF9FE1
                                                                                                                                                                                                                                                                                                  SHA1:82EDF8CA68DFF0CAA36B17901C1E12A17172FA51
                                                                                                                                                                                                                                                                                                  SHA-256:039F4E0176C38867FEF57482825D043FA63BF1356C85EAB0FC665F118DB125E4
                                                                                                                                                                                                                                                                                                  SHA-512:92F51140416CD6DD53109DDCC1EE24C1D26999DE5CD48A11E6954DBBC985298C1B90C0B4A7BBD8701A2737B71340E8A257E8B1ACE85FF3B4876B714C60BEFDCE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):527328
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.2497576346833865
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:f7ssvP0riPt7BtWMxsvHN3LpRlBJdG4UcuS95b8AAUGIUZf0Vf+:o+PtdBRxyH1lB6I95npG7
                                                                                                                                                                                                                                                                                                  MD5:10A8463902589CFDC41C1580373B7728
                                                                                                                                                                                                                                                                                                  SHA1:A2DD9BA97DAD457826F6043D80F756B8C13DCB1B
                                                                                                                                                                                                                                                                                                  SHA-256:354D7A3FC5C9F6E965F54DA155D66EAFC8E5B5EAB08CD782E9FDC379A5829E48
                                                                                                                                                                                                                                                                                                  SHA-512:02BA5C950E2BE0C3E5F087D25E4D80AE544E53940A93A6381833BDF6538DFCB6FE51261B60AA376C2AAE8654717560094FBFDD29821183F1B32068F26BE092B9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):511241
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.426048984122231
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:+DHlNCpIbnwQ5Op7fPIxJb6E+bl5EKQbW7bDrvt:mHIzdKb6E+bl5fQbi3B
                                                                                                                                                                                                                                                                                                  MD5:C235A973834B4163BCCAE59CB63048AE
                                                                                                                                                                                                                                                                                                  SHA1:6DA7F9D9FDA1654FF00342D47F06D30EA9F9A784
                                                                                                                                                                                                                                                                                                  SHA-256:C365BDE65C8933C6B0691DA32428815FFE7254415D8F859D1BD8A13F04BDD1F8
                                                                                                                                                                                                                                                                                                  SHA-512:ADA2EB2976AAC5DBEC505B05E8BFB494B1E2ABD394E7EAFBC351DC4D2DFC584247EEEB1DFF562BF757A4ED7FE9FE7B4A543C94E30632B2A64E04EC67AC35A9D9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):528498
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.364144888009966
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:+sv5HlbJ9WQuskxgb521Ex5btIQzbIrqqn9EOTy:nHlbJ9WQus9521Ex5biQzbIrqqn9v2
                                                                                                                                                                                                                                                                                                  MD5:D59FED8986EEE2B9D406AD52D88CBCF5
                                                                                                                                                                                                                                                                                                  SHA1:F7E409E17723E21174361BC81E54BCEF269F40F7
                                                                                                                                                                                                                                                                                                  SHA-256:619C61701B3A142733D23AD8C7117BC013867A842D3D1D572FAA56895AD8257E
                                                                                                                                                                                                                                                                                                  SHA-512:234AADDAA7677B39667B4078DC3A630D67B4F2AB7DF5CE763D509183A4D88E8F7BD1A231113B8A51418D577E4AA630860A7F2735C34EF59E0F65966CEF825597
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):588251
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.769435646163667
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:eUONrTG7gWoOB/kcesXfQfu4VUd6HA9btHP3CUdhe3mTUnMAml1QhqeY5TGs4jcc:enNG7gouMt1QhE5Xc
                                                                                                                                                                                                                                                                                                  MD5:27A28BD39C71AD335D8E5BA33D08C864
                                                                                                                                                                                                                                                                                                  SHA1:859D6DC1690A9DA6190F6CA295A1A81AA8604084
                                                                                                                                                                                                                                                                                                  SHA-256:E82BD1DCC3DA3A8502A866B362435149D27ACE82E4AD96DEAC3A71E5B64329CA
                                                                                                                                                                                                                                                                                                  SHA-512:881A80C399E2CB78903ABF655A40502E71FA4E4A4557054639B5A314FA5FCD4EF39C349717C96DBB28787FB905EA8C00C9F41325A62F9D65F5AD6EDCE89D495B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):553019
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.422317411993779
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:mIDWQQNBXBLG5zqyVL5vnXRCrEsRn/Nqs:mIDW45fXZsR/NZ
                                                                                                                                                                                                                                                                                                  MD5:7280F7E10C74EAE8D260D5A0C056D416
                                                                                                                                                                                                                                                                                                  SHA1:41BCE32B33F2523DEDC378C0FBD9D29C38428235
                                                                                                                                                                                                                                                                                                  SHA-256:9E3B3D858800732FC12DA47678959F2A4010A8174EDC89A043F08207CD624267
                                                                                                                                                                                                                                                                                                  SHA-512:73552F80BCFC18A1081CC2FC922FCDF1C986201521244664C5FD2597D142207EE206C1525FB77DC277F30CD950D36E4D54577147D00A2662E87A7726C4B5FFD6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):556956
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.396294040506762
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:yEI01/wed/CLv6/CieJVJJxhF7KTcfV7Z5Ij6ySRDi:UKI3L1Z5IjFSRe
                                                                                                                                                                                                                                                                                                  MD5:9FCD3493A629B2BF244C1470A56DB5A1
                                                                                                                                                                                                                                                                                                  SHA1:28F020B31F224C32124230130A87B5077B70755D
                                                                                                                                                                                                                                                                                                  SHA-256:0EEA90A5B2B7B5D5F8B426CE77562FED82A709E38D2E47F6DC3A96D65B674D81
                                                                                                                                                                                                                                                                                                  SHA-512:9882B7207B7BCBBA1E3D2921386B70A6BB06AB916D8C53B8578AAF644A37B4E38CD92B13A00D3F3168E68E932DF5E7B4D18F5A997EF46E82CA7C8564E0895630
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):576470
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.451860588973451
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:GuC1GHLiqYkXb21WgAbyFohxwdNijkHGpq5Q5+U6Ys2tE/bBO3:GuCgmqYkXb2ZAGFo3wSACq5QcUXE/Y3
                                                                                                                                                                                                                                                                                                  MD5:15DCB56E5A1BBCF32F6503D63B88DD16
                                                                                                                                                                                                                                                                                                  SHA1:D234839AFF1E18845488F47F04B7568E226C3124
                                                                                                                                                                                                                                                                                                  SHA-256:F360247BE07A19A0A5A2F4A46195AB2411EA3F634E86CD884EF59FA60E9B6B7B
                                                                                                                                                                                                                                                                                                  SHA-512:62B7E37F2BD9A3977ACE1D19FDFA76BF764719E670C2C0E887BFDDE5B132A3ABEDCBAADBEDA28883A5A464B0CFD9F2D9EF5BF85AA07F4DDB2156F516944E4CC9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):946457
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.831558016671315
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:K9KfQjRo4YSWKCx/KHizJ9ZF1WAaWlapqSvDs/uTXb3YHVeXN2hVO3j/LSbzvMPg:KMz25g3sm
                                                                                                                                                                                                                                                                                                  MD5:2F1049F32E34EB737BADB4AF9DA7E326
                                                                                                                                                                                                                                                                                                  SHA1:8BC78ABCB3749C01F74E6AA5C888B14EB1B268C5
                                                                                                                                                                                                                                                                                                  SHA-256:0AA1216F5E7178E1BEE0F2BC9695868765C944CA9EFD9FA56BA07B5F65A71F1B
                                                                                                                                                                                                                                                                                                  SHA-512:0CCD9A563DCEB4BB646314278FD2CB408FD8CF77751895F1C7C7583A53258F8E47DD44D3E582ECD76FECEBE721D3851E1457FF89484C5CA4B1F01845CD31AEE9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):594641
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.81367954238106
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:1Q+gClqsxkldrM8ixiq8U5nH7wM6IzWTjPxt9cU:+ClqsA/iF5bwcGtWU
                                                                                                                                                                                                                                                                                                  MD5:7773015ADBFD66D42B4A9CB11A29A7D4
                                                                                                                                                                                                                                                                                                  SHA1:BD96538A2FF6C8884A545A7B10495107FC1F8395
                                                                                                                                                                                                                                                                                                  SHA-256:BFD5B52A544428C5AAA4F418903610F1373C808C20110C145D95B34C51C7CF80
                                                                                                                                                                                                                                                                                                  SHA-512:E8ABCEFFFF4FE1B6B1957AD99288BCF562FED2CCAA8EC20EE369FC5D50A3FAD1EE823045860AD1028503F4DC730C5E816861BA5B2E0417433000DBE2DB6BE795
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):570310
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.483894833668148
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:vrWxzCkR/PcB2e+ojNK5eVfnWJUU+i/fzurqc:Cxmq/o/NK5eVf1i/fzuN
                                                                                                                                                                                                                                                                                                  MD5:33AA83936F6FC0EAD34F2D89A3F6D3CE
                                                                                                                                                                                                                                                                                                  SHA1:7E3A1DF02DAA63760E689F4A4BD6FB47FD888DE8
                                                                                                                                                                                                                                                                                                  SHA-256:F7539DF33EA860BC42A76047FA4FA0DC75044DF6D602F8735C9ACFA5D7995198
                                                                                                                                                                                                                                                                                                  SHA-512:F37979E94063EF24897657E33D3AAB5CFE6258E071CBEF13AC01DEE1647353071F7E269F986D45E750013CDE5ECF69599E94DD27FCD097CAFA7054684018A684
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):879894
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.76137714695414
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:tdn6r7QnzIWUISuGSDd5S0Gj+uJPPX5YaEsuexNHgb374Vebd/k/q:td6qPURX57uIG
                                                                                                                                                                                                                                                                                                  MD5:449AD5559D52DF02F3474E2FA4272A7B
                                                                                                                                                                                                                                                                                                  SHA1:DA675FB589E5B872F61A18FAC70A3D3BD03B16FC
                                                                                                                                                                                                                                                                                                  SHA-256:3AED83391C97CE05AAB07239D0CBFE5A2B596D7A3BEC39DBEBCED4E43704B8B7
                                                                                                                                                                                                                                                                                                  SHA-512:6AF98BD5D58F73FF9724D171D56A6B844EBC01874765F1B322630B6B5571882511C2AB371DEB941BB71466E18502EB81F7082D9F7ABA4DDB358FC3B274DE341C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):513761
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.542596101087531
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:0qvFK1jOrdxwEaqqbCAxLUxlsWG4RFcz9RtGdJ2qF4ivMJSO8DE/xJuZpV5YiUr4:0hOdxwbCd95srSQEV
                                                                                                                                                                                                                                                                                                  MD5:F4E50EA270EC5579D0E14D9554FCD85A
                                                                                                                                                                                                                                                                                                  SHA1:C912C576549DBC1B82DC891E7A0743BD2E2463DB
                                                                                                                                                                                                                                                                                                  SHA-256:99A330EBEB222556D96D087E27158707CEB5B9050DB5FF0EA09CDC2B0137E6BB
                                                                                                                                                                                                                                                                                                  SHA-512:E687DB806A3C984049DAFE646B6560C2002833B38F74D956B54DA60C1B9C0EC5205A6B743D9A8B54B2D9E61849C6A416810E145FB97483782121189FA934DBBD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):541714
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.340837548294858
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:e94aI3RfflncfD5WBqMCBfRd8FU1bQWNs4METOIQp2QVLKhzgKy5yvTCs0LMMkJx:2HI3Vf/5ml
                                                                                                                                                                                                                                                                                                  MD5:D3AE31B63EB14FC353B6E8B872D266F8
                                                                                                                                                                                                                                                                                                  SHA1:011647736EA51490CD7CCD49433F4529B708CCBE
                                                                                                                                                                                                                                                                                                  SHA-256:462809F4337C1D6511D53E496937828ED07D64E7144954DA794C36584C94B543
                                                                                                                                                                                                                                                                                                  SHA-512:AAD3C37BEAF1224478214623F95A549B6167D1D061BAF6C2E2ADF8B8D034E44E8BC4A1E9409533F2830EC3BDB06208A1E144BBC4E3CE2A6CFC6BC82002D32B04
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1404121
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.037061307244584
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:T7IDhn9dvYUVLK9VHPAQF5isBtRdjtm1vYpiMyp:T0DDNYAYhPxF5isTtm1vYpiMyp
                                                                                                                                                                                                                                                                                                  MD5:52EE28471F2F9D01EF3F57233496554B
                                                                                                                                                                                                                                                                                                  SHA1:ABD7DD9989FAC90636626A41F007EB6AA5EC7A2E
                                                                                                                                                                                                                                                                                                  SHA-256:1CEBAC8D758298ED2763E62B9BDFB17351831E691FF3E1BA85252C9A66D66242
                                                                                                                                                                                                                                                                                                  SHA-512:AF2E9593FAF60319244C90E9C06604DD3830705F14C18CD380DC2338AAA0C1E137BF751603AB9BEAF7F1783839F83BCD4FDA357B7CEBC66EE94155D560B6F691
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1295502
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.292578254345873
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:AJlpcT7U7McKNOJI0ydc6dwIIRT5EbNQ8W8thBk3p1FZ5Kitlb2wsXgy3PiorOTu:azI7cmT5D+Hti
                                                                                                                                                                                                                                                                                                  MD5:3A71904057869C23D1BC108F1E8D0D31
                                                                                                                                                                                                                                                                                                  SHA1:6FB6E60C80BC332A2BB66D02A1E3DB69961A9C41
                                                                                                                                                                                                                                                                                                  SHA-256:8264244C6DE861817F5B19CEF282844A18ED8CB7D4E059451489652749FE931E
                                                                                                                                                                                                                                                                                                  SHA-512:7248058B2D357C4A8B9C2E95D580A2000A96D9A5ADB0B822ADEEBA5C4422E08CC12EF84B9B9A627A1F6CD07A08698EC000510885D14D64AFD40C6E8D69376022
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1088236
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.336969874052359
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ho5WEVQN9LyZYAPTJz1L/L1XLJ7sgU6yaiW+v/K5U/afL3fgj80RUIwunRHpG4L0:C5W8+56Np
                                                                                                                                                                                                                                                                                                  MD5:879A881174501E22C3DE65B9F80BC19B
                                                                                                                                                                                                                                                                                                  SHA1:A2E020D5ED1BE7DEE50A495A2F8581E751CBF735
                                                                                                                                                                                                                                                                                                  SHA-256:647AD394E92E7610BD0F6C4E08D28748408FCD5A816A35E4622EA7F71CFA7A9D
                                                                                                                                                                                                                                                                                                  SHA-512:B8961A90036B94340283237DA57659CC277E65E545764251F7D3E406DC5F70C9AE29366184D0AA8831AAA0A7CB5C12FF825078BB87528606CAE223FBA58C73D3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):552876
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.6111056491144335
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:sSqYoqN+u4HzNs7DxqoOF1h1/Xl35M7Je:sSvEuCXl35EJe
                                                                                                                                                                                                                                                                                                  MD5:67C502D240B018FBF93C83AC04350F2D
                                                                                                                                                                                                                                                                                                  SHA1:0A4AF68147BA51FFE67E480BCE2A34F4C1618E62
                                                                                                                                                                                                                                                                                                  SHA-256:4F4F9B81C22AAAD9C2E2383ACC8D968BBF1D8088C2ABAC05BF64F262111615DC
                                                                                                                                                                                                                                                                                                  SHA-512:8942B33910CE97A95AC40F224EA21FF8EFCC620523AA6B82E92027BB43E04E95B37CFE2B0ED45B385D8B0A9D8AB06E6BDD7A297A98402CA70C64F0C31689444D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):946067
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.863691823580253
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:bjdDJ5IMlw3fmIsSr+Oh7+4w0ZZDSIHmBm5eB3IjCHA3rrUkcuhLNiXEvqbz1TX:fHXK15Prw
                                                                                                                                                                                                                                                                                                  MD5:779089A85EFDA6D21A62B152FF521D53
                                                                                                                                                                                                                                                                                                  SHA1:A35A8E0774546ED50AC002D57121F8D7FF29B721
                                                                                                                                                                                                                                                                                                  SHA-256:FE35828CBA11F536859E7693821D1E43AB1D89C385CFC49616859684D663D470
                                                                                                                                                                                                                                                                                                  SHA-512:E02D370FDBCDE1DA0A6EEF8F0C2D63CF4DA2239F66494DA06C49B401450BBBABA93CC0B3B1B11FAD3DE71144DF99A2D8F158015B87D9087A85A4E09691C944B9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):828391
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.142026440526027
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:VXiP4WLa3w8PYsR5Nimy0ciU55eOmEhuCEO5xlKQYrbYOwadcJKwUSu9co/9Njjw:VX8wI50Cs4
                                                                                                                                                                                                                                                                                                  MD5:FB978B7D211112A0774CE09CA54CA96F
                                                                                                                                                                                                                                                                                                  SHA1:FB0C69801230437DCD20E3803DB81EE60FC042B0
                                                                                                                                                                                                                                                                                                  SHA-256:60310F9A3457FAE0395B447A30646211EF4160BA84BD7C36D291AF4C8EC2B79A
                                                                                                                                                                                                                                                                                                  SHA-512:ABDE8D79F46B27E0E315034025837A3126D6E5D2BC52504D49C946FE96828BD9B20CC4A5C05283FB9F8813E6820A28249CFD68B30CB27FBA216970C16ECC8D44
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):655225
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.787365145796892
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ewR274E36+cywJ2roEsGV63wueX0bxzn4xs/FgGhx5a8hI+8qiOcLziKHhv0Zit7:ewRn+cywJ2pVPuS0bxwvo5a8u+OOcfii
                                                                                                                                                                                                                                                                                                  MD5:9DA50DF23181F5C2036DD20E2490111C
                                                                                                                                                                                                                                                                                                  SHA1:06A9C9F4C7E820DF7743A4B0B6326CE538140CB7
                                                                                                                                                                                                                                                                                                  SHA-256:6E771FE02EC40375844C17C5B60389EBD46089864C24DF7FE9755EA916DE9469
                                                                                                                                                                                                                                                                                                  SHA-512:16D2AAF019810E3BFE000B73F5CAD3C52C225D9DEBB43AED15DF60F3995CBBA66EEE44DE675D642E8BBAAF51BD1C2925078191D2954A0CD4A3DE4CFC1151E05F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):471962
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6711722500210895
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:U6mVxHvFKkoEtB2HwWzv9O7F56SbRfI1DZ59x6m4kIk1Nd9Mlz:U3fLoEtBUfzlc56SbRfKZ53b4kIkz4
                                                                                                                                                                                                                                                                                                  MD5:271D3A6DACE38055212286D872596283
                                                                                                                                                                                                                                                                                                  SHA1:A660D98324966A9F76DABF8E3BF565363323D4CC
                                                                                                                                                                                                                                                                                                  SHA-256:EA08C31A5D4E6AAFBC5B657C5960135E64506593729FDB759874E55876580666
                                                                                                                                                                                                                                                                                                  SHA-512:D7BBB76A2B601B925D3BFC2D91534B0876459CEC6C8BE859ADF4890D68C2FF7DC882B0670976AA0FB2B1FC83C026EB8446476E8AFE443B2788928944A2CE1FB7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):466903
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.682472885458438
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:zKOBV6L33vWecZM1uJJVI23uNw+H05exvnknN+nHE/ehTq:dV31ZM8Qw+H05exvn2Ok
                                                                                                                                                                                                                                                                                                  MD5:E302E1102F3F5A21860F38F41B3C30F8
                                                                                                                                                                                                                                                                                                  SHA1:78B5D1C451CF674A7641DFCC815F966FC920CF57
                                                                                                                                                                                                                                                                                                  SHA-256:D4033CB3264C7C4CD2636EA2A202421650C449E5BFB10F29949E4C44E91CA93B
                                                                                                                                                                                                                                                                                                  SHA-512:1F96B197EB7AE6B7983ED38D4CE33EA0C845FFE527FEDFBC9E53A6009871DD3C39084A04CD1D43FD6DD24E7F26E3EC4845D4225DF828DE0B9BA346CBC98EFEA4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):5547935
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.996102656221783
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:98304:sw9bNj3g7RkPe04srtXK5EmiJQCM8TVK5M/AyrwreSjujBrTAVD:bbNTgtk1rlKaVKckreSjuxTK
                                                                                                                                                                                                                                                                                                  MD5:FAAAE22BE956A82B46D9C6015A115D4C
                                                                                                                                                                                                                                                                                                  SHA1:F63BC8823E446AAF10A5B9076F78C9AEAD4EEC70
                                                                                                                                                                                                                                                                                                  SHA-256:7EDD5BA39F47CF404A9F935340CD9B8DBB2525F46CF342E0F4BDD2B4A0D492EF
                                                                                                                                                                                                                                                                                                  SHA-512:30A07986042A7A8484BC545F2F328D090909CA860F85772A9242CC91AE0395475A571C7F215234B3E24257C628BC3E086649C07429C9E7BBBA5039B0480457FD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):91
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.448783814021097
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:ohFDukNeANT0QERSWQnQ2kC8:ov/eYpfWQnZk
                                                                                                                                                                                                                                                                                                  MD5:9A57EF6841FA6AA806B840B058B71A13
                                                                                                                                                                                                                                                                                                  SHA1:E873C828DAFB721D542080A8B019246491B8BD5F
                                                                                                                                                                                                                                                                                                  SHA-256:38AACF322CED88477A501D7B7E553CBAFA90FA00DF931EC64AC5E7E60D1CD7FD
                                                                                                                                                                                                                                                                                                  SHA-512:C9DB720D84829A435F7220239026AE00EE70F143CD473D218A816511CEF96A1A32B70498C1E8AD5034E82408C9591CF78E64098515F944AA3FA9D7C5FBBE827C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:provider: generic.url: https://example.com/auto-updates.updaterCacheDirName: fideo-updater.
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):55561214
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.517516796718792
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:98304:gsukmN9N7mtZDJsnq+AxrUwD6Bk9JE0loh7TpoD9S0metEeoE:ge6jUGnWloh7TpoD9SGtEeoE
                                                                                                                                                                                                                                                                                                  MD5:632C1F53C9EE2C44BF2C11780C5C40A3
                                                                                                                                                                                                                                                                                                  SHA1:5B92C263BE92C5874388EF58333030C92E739306
                                                                                                                                                                                                                                                                                                  SHA-256:88AE70761CA7A4376C858FEAD020FE26279E3124DEF99C62336F621701517632
                                                                                                                                                                                                                                                                                                  SHA-512:74B7E6D325AA04C24259C479A4E2DFF9CA827842CC14222819BCB3B7527D25F7458AD42C742BFBC38C119F7ED5FC7E0A6719DDDC260F7A0980762EE8F657D0B1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:....L...H...D...{"files":{".nvmrc":{"size":9,"integrity":{"algorithm":"SHA256","hash":"e95f12165d41e65d4108e8539ff14375d39d0106b0146cd824f261a32b3ff4b1","blockSize":4194304,"blocks":["e95f12165d41e65d4108e8539ff14375d39d0106b0146cd824f261a32b3ff4b1"]},"offset":"0"},"LICENSE":{"size":35184,"integrity":{"algorithm":"SHA256","hash":"6f1e622c82a380075843bb084a7ec3b1f1d12a4a02526d75e78b0924a860aa75","blockSize":4194304,"blocks":["6f1e622c82a380075843bb084a7ec3b1f1d12a4a02526d75e78b0924a860aa75"]},"offset":"9"},"README-CN.md":{"size":5865,"integrity":{"algorithm":"SHA256","hash":"d5fb1d0ed10455121e4a713fe27bc2fa6d5771e15ce5540acd0dcfae42fbe59b","blockSize":4194304,"blocks":["d5fb1d0ed10455121e4a713fe27bc2fa6d5771e15ce5540acd0dcfae42fbe59b"]},"offset":"35193"},"components.json":{"size":380,"integrity":{"algorithm":"SHA256","hash":"592ae228c6ec1095453a92275cbe2da882bdb4b17d6aeb0f7aa65843479811ed","blockSize":4194304,"blocks":["592ae228c6ec1095453a92275cbe2da882bdb4b17d6aeb0f7aa65843479811ed"]}
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):107520
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                                                                                                                                                  MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                                                                                                  SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                                                                                                  SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                                                                                                  SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):310242
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.161810487378126
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:9639kvvDaxLwqU1pedJ/sK6VrKe5VtZW1P3BU5qt5IiVboVKdc4:962vvKwqIu+KgV0PRU5qticrdc4
                                                                                                                                                                                                                                                                                                  MD5:992E259022188E100AA66762225A4AA0
                                                                                                                                                                                                                                                                                                  SHA1:6FBB690E50D308A7098E3625916821FAE4B278D0
                                                                                                                                                                                                                                                                                                  SHA-256:6378EE7A9940A671487D071935689CA451ABD87D75FAFF99568653EB9492A7D9
                                                                                                                                                                                                                                                                                                  SHA-512:44947B5A37D04C06D52E47285A2AB8C68227F30A516BE3D6EB45E733E516450914F97095125843ADFA65A16612D4B7D6BFD80D1CDF148D170015E2572624A54A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):662053
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.176353842095356
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:a97k1vtORkeGWFDjefZeLEYjQAH7mRpA8S:a97k1v42eGWFDjm45LSRpAt
                                                                                                                                                                                                                                                                                                  MD5:6A4C22553F2CAC926F3C3265F7177405
                                                                                                                                                                                                                                                                                                  SHA1:F64C571C2E30772BCADE211ACD8170AB587613C0
                                                                                                                                                                                                                                                                                                  SHA-256:893C922C9A3173B045E5D0A25397F0DB84B42DDC636C76479033642355B275D3
                                                                                                                                                                                                                                                                                                  SHA-512:3B89BB991843CF21DA00CE47FC00A696B36B102E8253836E576EE96E2AC6C2CA40D95EFBF1BADC35019532476354780F576B4E95C60E7250E9DED8729E683EA1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):5475328
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.34130617945581
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:EgQpJ5yZBtfCp00oSO8hCsDsbJQk/tJ4q0nLhII1ytiT45z+WEjNHsRLf7OFJOMM:Un5yZBXLxkf5FJIayx
                                                                                                                                                                                                                                                                                                  MD5:F431481707E31BAC8E3F79F87A5D7D32
                                                                                                                                                                                                                                                                                                  SHA1:21B4FBDC307E5EE3AE889605BD81E42AF3E92EE0
                                                                                                                                                                                                                                                                                                  SHA-256:247E5F67EC12ACCB5FF81378FFBC827F8748125C48094A981773501667D565DA
                                                                                                                                                                                                                                                                                                  SHA-512:BE1C433C19194020094CD6CC0705946C255F98173B64E0CAA40212312346F6B0613B2FBF2D04EE699AF6410FF551A3F2E83BE4E09F7B814AD17620E597CA5C0C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):106
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                                                                                                  MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                                                                                  SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                                                                                  SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                                                                                  SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):961024
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.597521355981211
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:kawxZ1onv5Sp+D9R6StDWb36Z5W1DYsHq6g3P0zAk7Mh:BSSApY90IDWb36Z5W1DYsHq6g3P0zAkw
                                                                                                                                                                                                                                                                                                  MD5:06FC27FF4B7C824A1E7066C340104C7C
                                                                                                                                                                                                                                                                                                  SHA1:17460A267187449AE356CD5B6E4BF98711F84704
                                                                                                                                                                                                                                                                                                  SHA-256:73BD51404740F2A7E9A4827FA287C231750EF7E9FAE39736AC4F3C977D1C2E86
                                                                                                                                                                                                                                                                                                  SHA-512:7F47C743536D6F68C5A7F74A674554EAADA6A2D422BF3193B6B26B1E724659AD5C9437A01F6F858FB44ED4558F92D75953E385E7E92CCB394F388BA926DDBD35
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):102400
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.729923587623207
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                                                                                                                                                  MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                                                                                                                  SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                                                                                                                  SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                                                                                                                  SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.719859767584478
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                                                                                                                                                  MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                                                                                                                  SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                                                                                                                  SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                                                                                                                  SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.715583967305762
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
                                                                                                                                                                                                                                                                                                  MD5:ADB29E6B186DAA765DC750128649B63D
                                                                                                                                                                                                                                                                                                  SHA1:160CBDC4CB0AC2C142D361DF138C537AA7E708C9
                                                                                                                                                                                                                                                                                                  SHA-256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
                                                                                                                                                                                                                                                                                                  SHA-512:B28ADCCCF0C33660FECD6F95F28F11F793DC9988582187617B4C113FB4E6FDAD4CF7694CD8C0300A477E63536456894D119741A940DDA09B7DF3FF0087A7EADA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):82560007
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.99999656309556
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:1572864:6u/mfe954TNGJQKyt3o7NwwZ1qW4EqD208gb4U7QHP5GGyp1yRsU2:696Y4lZ1x4RD20b4KQHP5BRsU2
                                                                                                                                                                                                                                                                                                  MD5:D459C559A8CBB96842A53A1BD8C428E9
                                                                                                                                                                                                                                                                                                  SHA1:55DEC9B319D8AEDF518EC6459F7981271CB8F46E
                                                                                                                                                                                                                                                                                                  SHA-256:DBEEDFD339F03FEDAFD4B09CDC1E82506DA78011E38CEBBCF4A39DA677D8F0F2
                                                                                                                                                                                                                                                                                                  SHA-512:5E69D63698CF0F00D43F81C02246D98DAEFE5554DF0FD09D5D87EFEA7E199C16DDD7B3101042ADF98624F603822014909886DDA6861D293449452FD2B9C3CA82
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154490, resolution 11808 x 11808 px/m, cbSize 154544, bits offset 54
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):154544
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.3258352355662457
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:EWQsvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvW:ER4N4S/992/zDmrkVIe1ULo2K
                                                                                                                                                                                                                                                                                                  MD5:52FF52EEE3B944B862C11C268A02C196
                                                                                                                                                                                                                                                                                                  SHA1:8D041966E6FBA10AA5E10CE5DC1DC5175F11B2FE
                                                                                                                                                                                                                                                                                                  SHA-256:2079F7A3EBA60E0D9EE827A7208AA052A71B384873B641DE5E299AEB8E733109
                                                                                                                                                                                                                                                                                                  SHA-512:2861AE5A06F8413810947C08994F4C0DA54A1ACEE8C4DF72CD8B03A9503B26E5512809F8D70FD584239B04A651E7329A701BF7DDCEE2DEC2C2E14D05AE74F220
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.703695912299512
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
                                                                                                                                                                                                                                                                                                  MD5:F0438A894F3A7E01A4AAE8D1B5DD0289
                                                                                                                                                                                                                                                                                                  SHA1:B058E3FCFB7B550041DA16BF10D8837024C38BF6
                                                                                                                                                                                                                                                                                                  SHA-256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
                                                                                                                                                                                                                                                                                                  SHA-512:F91FCEA19CBDDF8086AFFCB63FE599DC2B36351FC81AC144F58A80A524043DDEAA3943F36C86EBAE45DD82E8FAF622EA7B7C9B776E74C54B93DF2963CFE66CC7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):434176
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.584811966667578
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                                                                                                                                                  MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                                                                                                                  SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                                                                                                                  SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                                                                                                                  SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Qn:Qn
                                                                                                                                                                                                                                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                                                                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                                                                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                                                                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Qn:Qn
                                                                                                                                                                                                                                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                                                                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                                                                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                                                                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Qn:Qn
                                                                                                                                                                                                                                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                                                                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                                                                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                                                                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):434
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.665555683882552
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:YKWSCuj9rrt+SDGikSb8Pzx+qlEJ6vyoOgsfDdFeK1RIaf:YKWJu5rrt5D69zUqiJKxOg0dHRIa
                                                                                                                                                                                                                                                                                                  MD5:AEF54DB08E11742C4489D02D7919F355
                                                                                                                                                                                                                                                                                                  SHA1:44FD896F66F59E9E6571632BC3AE2E6B354419FC
                                                                                                                                                                                                                                                                                                  SHA-256:91B3FEB3FA19041A5BB1B619393B875E73975E412E824A2F66FF563DD6F2CA74
                                                                                                                                                                                                                                                                                                  SHA-512:DBD16662150AC151A07D712D49FFC27EAB43D52CB5A48A8008791F3A6EAD714268B02A6A3C7B1ABB90F57571454308609DEA4F8B20C0342BAAAF41D614FFB882
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABqPsa9UcFQTbsNdLvBS2NqEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAAAiNdl4o8jrvC5SjB134+dbRW2nwKv16/rYjLF8y/uXMQAAAAAOgAAAAAIAACAAAABs8OYX18QStBoUkYt7z5VH2cKRkoUYJzCPTqvKAoin5jAAAABQNxwy8O0swgfm5lVbXfUCn4ibyZa44qhT2rknpkntY4TRCFCzQ39Z64Fa81m0J1xAAAAAtF1GG/g9z5deouLWHj/Rl9V8B1a+leANVctrAlOCqheHmFonRs2d/AePdAzl/aajgBJx1fMvAVzx9I46sBOjNw=="}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):524656
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.989325630401085E-4
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Lsulev+l:LsLv+l
                                                                                                                                                                                                                                                                                                  MD5:5F408EAC225491E912598597A69DB762
                                                                                                                                                                                                                                                                                                  SHA1:CF314D4F68E046FCC0BB48C18CF2685FD5A600A1
                                                                                                                                                                                                                                                                                                  SHA-256:4977E068D505C4046637C51A53BB5BC9A6785DBE55561046A6581D56B5315755
                                                                                                                                                                                                                                                                                                  SHA-512:55D827F669878A6D39B5B3F787332BF01102F155B1CF41CCD654AF8FC85583E5089F145E7E772F7446CB0C06B13488A352EA3FF71B0EB7A224C6719FD3EBCC13
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):48
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:EjAxAR0EN2Dl:EjA+N25
                                                                                                                                                                                                                                                                                                  MD5:DFA6B399D66E47B9CA138043593BB012
                                                                                                                                                                                                                                                                                                  SHA1:6B9B017FE9DB4B025E374FA496B1D9A4CAE5D77D
                                                                                                                                                                                                                                                                                                  SHA-256:B891756757303BCA7F808D91B3223426A4084A000F950ECF44ED15987707418A
                                                                                                                                                                                                                                                                                                  SHA-512:7C2FB56808667D203FD1D460A817A154FB0EF72A15F0708925FF304217741CD9A15917EFB724D7C86AF4936DAA4A8BD4C876EBAB98344E49581A52846CA02A47
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:(....F%Voy retne........................Q+../.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):48
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:EjAxAR0EN2Dl:EjA+N25
                                                                                                                                                                                                                                                                                                  MD5:DFA6B399D66E47B9CA138043593BB012
                                                                                                                                                                                                                                                                                                  SHA1:6B9B017FE9DB4B025E374FA496B1D9A4CAE5D77D
                                                                                                                                                                                                                                                                                                  SHA-256:B891756757303BCA7F808D91B3223426A4084A000F950ECF44ED15987707418A
                                                                                                                                                                                                                                                                                                  SHA-512:7C2FB56808667D203FD1D460A817A154FB0EF72A15F0708925FF304217741CD9A15917EFB724D7C86AF4936DAA4A8BD4C876EBAB98344E49581A52846CA02A47
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:(....F%Voy retne........................Q+../.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):48
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MOfXAyEp6En5:MOfwp6M5
                                                                                                                                                                                                                                                                                                  MD5:2469D3D73B2684708DDA731517D70290
                                                                                                                                                                                                                                                                                                  SHA1:F788E88F23C0E0F203B77AFF1BE765144823244B
                                                                                                                                                                                                                                                                                                  SHA-256:32EFD2F03208B7667D06883FC202C0CFFD34170EB504549766D29A82BF435A51
                                                                                                                                                                                                                                                                                                  SHA-512:7189829B5D76595ED804084C3644C39131B68025DDACE4BE901FAE51CDB5D4370BD9CCE8554A990568B0D90E4CDA2B1ED3159DC4B19A7CD152A3F8D24DC639E7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:(....xi.oy retne........................u.../.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):48
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MOfXAyEp6En5:MOfwp6M5
                                                                                                                                                                                                                                                                                                  MD5:2469D3D73B2684708DDA731517D70290
                                                                                                                                                                                                                                                                                                  SHA1:F788E88F23C0E0F203B77AFF1BE765144823244B
                                                                                                                                                                                                                                                                                                  SHA-256:32EFD2F03208B7667D06883FC202C0CFFD34170EB504549766D29A82BF435A51
                                                                                                                                                                                                                                                                                                  SHA-512:7189829B5D76595ED804084C3644C39131B68025DDACE4BE901FAE51CDB5D4370BD9CCE8554A990568B0D90E4CDA2B1ED3159DC4B19A7CD152A3F8D24DC639E7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:(....xi.oy retne........................u.../.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:LsNl/l:Ls3/l
                                                                                                                                                                                                                                                                                                  MD5:C10C90145D6D8689952DABDEAB91430B
                                                                                                                                                                                                                                                                                                  SHA1:24CB34CBFF4761639C77EA7C6EA3E53573141585
                                                                                                                                                                                                                                                                                                  SHA-256:2C300EDA753E529F45DFD8237292B655597A85DAE2E32CE7E6F6E96A2B97EA0F
                                                                                                                                                                                                                                                                                                  SHA-512:8BA85B5F17503284E5D5DDC5C1B8E6EC7F23794EB445CDB8A1DE00E75F715964BA4A21688526531779A8F27F9ACFC0BDDA817065A9B1B107CBCC2585870838AB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:LsNlNa5:Ls3Na
                                                                                                                                                                                                                                                                                                  MD5:4A46062B05B73001257A9A11D0AF7CCC
                                                                                                                                                                                                                                                                                                  SHA1:6EECC85B3AF89D5537313BFB8416E00DE29F433D
                                                                                                                                                                                                                                                                                                  SHA-256:3AF52EC218EB9B6B7A1926DD1E02D7C03266DDEB7BD088F8B45A2658E31E8711
                                                                                                                                                                                                                                                                                                  SHA-512:8B2A0BE05FE2D8DBE016D00B7D9AF52CFD4796516C3CF898289F69EB19ED7EB3746FC8CD1880D7709DA164733FDB1DCF2DEB15D3620491DDEF7A307B0530DCBB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:LsNlPyl:Ls36
                                                                                                                                                                                                                                                                                                  MD5:CA2318D6EF651DB2B94BC8ED17CE667C
                                                                                                                                                                                                                                                                                                  SHA1:256A06586790515F5224709CA766C3E07612A140
                                                                                                                                                                                                                                                                                                  SHA-256:6D859FE29A67254D2B8A2021B978482F8B8B638CAE51BA7B35CCF77D17871017
                                                                                                                                                                                                                                                                                                  SHA-512:F8A7FD271C68C05BFE1375760C9D433476F5CDFA819BB16366556A39F0562B3299B2CDDC316BAEC2730C46355516F53FF68FB7D01AC0B1EB87DD5B99C6C5E8DE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1819
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8409294733412316
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:8THjK0uNKSCi/sctSKUYH7X/B3HE5M0IrHJHqM9CpSpBft:aH8KPGSm1QIrZqUVp3
                                                                                                                                                                                                                                                                                                  MD5:E83AC8EF881C3460E089D9917EC6C79C
                                                                                                                                                                                                                                                                                                  SHA1:76555A98F50CE5ED70B7882FFC4675E18334F175
                                                                                                                                                                                                                                                                                                  SHA-256:1D813FE362EDBB4F7DC368B2C241585F2A55E441E3B0095A9C3E2F3B29E20703
                                                                                                                                                                                                                                                                                                  SHA-512:B731EC8717E9BF06F11606F2AD3DD5589FDF5745E82BDBE3808985C2215A04A934EF1FF2FB48FC46A51B20A3D5C2BA0E7F8DBE7CCA1F74B0BEAC1F877A5258B7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:. ......................2.......".......................................GZ......................../.......f.i.l.e._._.0.@.1..l.o.c.a.l.f.o.r.a.g.e.....................`U.............................O.............................2.........localforage......2...........................A..............................2....k.e.y.v.a.l.u.e.p.a.i.r.s......2............2..........2..........2..........2..........2..........2..... .......k.e.y.v.a.l.u.e.p.a.i.r.s........2...........................2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2...........$.". .......k.e.y.v.a.l.u.e.p.a.i.r.sJ...n.. ..........................2..@.l.o.c.a.l.-.f.o.r.a.g.e.-.d.e.t.e.c.t.-.b.l.o.b.-.s.u.p.p.o.r.t......2............2..........2..........2..........2..........2..........2.....F..... .l.o.c.a.l.-.f.o.r.a.g.e.-.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):271
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.182954592764419
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:PnuB+q19aZ5QBhsGAzwRB2KLllnjw+q2P9aZ5QBhsGAzwVIFUv:Pu0HQB6GAzwRFLnj1vsHQB6GAzwiFUv
                                                                                                                                                                                                                                                                                                  MD5:09B80E7ADCB8BB8C2B21906448089E9D
                                                                                                                                                                                                                                                                                                  SHA1:6329AF592B49B0FA3EA833BBC491733D64AEBE15
                                                                                                                                                                                                                                                                                                  SHA-256:71EE5E0CD2E475241FCDC73A130D2F11BF2E8E8E38DCE95802658AC3E214DC96
                                                                                                                                                                                                                                                                                                  SHA-512:E360E1AF290B2ECE5CC4E55D03253FE88226F260F07CAC91894ABE7A9CA6EFA725DBEDCC0FBC5A5950B7E6ED10DCB30438C058EEDD1DE00C427B05CDFDC3EC8D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/09/28-04:20:42.188 718 Creating DB C:\Users\user\AppData\Roaming\fideo\IndexedDB\file__0.indexeddb.leveldb since it was missing..2024/09/28-04:20:42.201 718 Reusing MANIFEST C:\Users\user\AppData\Roaming\fideo\IndexedDB\file__0.indexeddb.leveldb/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):23
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.142914673354254
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Fdb+4Ll:Zl
                                                                                                                                                                                                                                                                                                  MD5:3FD11FF447C1EE23538DC4D9724427A3
                                                                                                                                                                                                                                                                                                  SHA1:1335E6F71CC4E3CF7025233523B4760F8893E9C9
                                                                                                                                                                                                                                                                                                  SHA-256:720A78803B84CBCC8EB204D5CF8EA6EE2F693BE0AB2124DDF2B81455DE02A3ED
                                                                                                                                                                                                                                                                                                  SHA-512:10A3BD3813014EB6F8C2993182E1FA382D745372F8921519E1D25F70D76F08640E84CB8D0B554CCD329A6B4E6DE6872328650FEFA91F98C3C0CFC204899EE824
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:........idb_cmp1......
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):434
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.665555683882552
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:YKWSCuj9rrt+SDGikSb8Pzx+qlEJ6vyoOgsfDdFeK1RIaf:YKWJu5rrt5D69zUqiJKxOg0dHRIa
                                                                                                                                                                                                                                                                                                  MD5:AEF54DB08E11742C4489D02D7919F355
                                                                                                                                                                                                                                                                                                  SHA1:44FD896F66F59E9E6571632BC3AE2E6B354419FC
                                                                                                                                                                                                                                                                                                  SHA-256:91B3FEB3FA19041A5BB1B619393B875E73975E412E824A2F66FF563DD6F2CA74
                                                                                                                                                                                                                                                                                                  SHA-512:DBD16662150AC151A07D712D49FFC27EAB43D52CB5A48A8008791F3A6EAD714268B02A6A3C7B1ABB90F57571454308609DEA4F8B20C0342BAAAF41D614FFB882
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABqPsa9UcFQTbsNdLvBS2NqEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAAAiNdl4o8jrvC5SjB134+dbRW2nwKv16/rYjLF8y/uXMQAAAAAOgAAAAAIAACAAAABs8OYX18QStBoUkYt7z5VH2cKRkoUYJzCPTqvKAoin5jAAAABQNxwy8O0swgfm5lVbXfUCn4ibyZa44qhT2rknpkntY4TRCFCzQ39Z64Fa81m0J1xAAAAAtF1GG/g9z5deouLWHj/Rl9V8B1a+leANVctrAlOCqheHmFonRs2d/AePdAzl/aajgBJx1fMvAVzx9I46sBOjNw=="}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):82
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.02481770565291
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Fk4g30kUkio1tA9GRbSjBJkRSk:645mionYG2jBJkUk
                                                                                                                                                                                                                                                                                                  MD5:C5E449EAE492279F939618892C01D872
                                                                                                                                                                                                                                                                                                  SHA1:4917F76EEF12E3BB91A91074BFEC6A4CEE2109BA
                                                                                                                                                                                                                                                                                                  SHA-256:04BD63C24C9A9BC286F029EC0F6E5771998C406C339BD8929171B8F562DCBC6A
                                                                                                                                                                                                                                                                                                  SHA-512:34DDCD1DCC49F73F62153E2F0ADFA76EBD5F46012E6651D84A4E67FF709B828F2521979DA291F8EA105A24F4DE89C368874F30CDB29837804B3D4178B277B14C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.}..K................VERSION.1..META:file://............._file://..theme.."light"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):243
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.233080242076075
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:Pnu8eq19aZ5QBho2jM8B2KLllnuI9+q2P9aZ5QBho2jMGIFUv:Pu8KHQBbFLnu3vsHQBsFUv
                                                                                                                                                                                                                                                                                                  MD5:710313B259A54F52B3B53C38E0057669
                                                                                                                                                                                                                                                                                                  SHA1:CB973538C9BE9DDADC42A62E52BBD56799B278BE
                                                                                                                                                                                                                                                                                                  SHA-256:39E68A1443FAA8C2ED732033F4D05FC7B9E65E2BBE376775FC19452407FC1863
                                                                                                                                                                                                                                                                                                  SHA-512:4110368A6CD9D287A3C0A504AFDA7D924928C7E4985E0915258296E4328EC601F339D523A2B4FA7C745DC607E921ED2F7DD2B748D7143776288231404B94532A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/09/28-04:20:34.926 718 Creating DB C:\Users\user\AppData\Roaming\fideo\Local Storage\leveldb since it was missing..2024/09/28-04:20:34.999 718 Reusing MANIFEST C:\Users\user\AppData\Roaming\fideo\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YLbkVKJq0nMb1KKqk1Yn:YHkVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                                  MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                                                                                                                                  SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                                                                                                                                  SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                                                                                                                                  SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3650098242300801
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TL93lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T531DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                  MD5:BA18BF06E5B76061522CDEF07791AB8D
                                                                                                                                                                                                                                                                                                  SHA1:3A237D7DC0CE618F9DADD49D9841548E3DD1302A
                                                                                                                                                                                                                                                                                                  SHA-256:9E73B896C702A73BC8CC8B2D8F9B8FFA303581802EBB26F95C34793A4CD12FCA
                                                                                                                                                                                                                                                                                                  SHA-512:382012DB8AE451368AD429C60CB7CD8E21842DFBBE8C7E8D43EDE29CDFB06FB76774365D07E7EB1EC37874F4F99F75299D0629C4CA2583683A573919C026FD1C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):385
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.031420755873942
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:YHpoNXR8+eqq59rWsDHF4h6nHOVWj2HEzCYZa9a1V3h6ubQ+a4MS7PMVKJTnMRKX:YHO8sqHWsBZHOg2HGcakubxnP7E4TX
                                                                                                                                                                                                                                                                                                  MD5:9AED056A51D31F50D99F324B91E15DDD
                                                                                                                                                                                                                                                                                                  SHA1:0AA238055AE8D01619230358CEBF815F1655B454
                                                                                                                                                                                                                                                                                                  SHA-256:825355EDD625E83075CC1B745FA8462922794E8BD94318FCB33D8FB0766B81D9
                                                                                                                                                                                                                                                                                                  SHA-512:4D33A38A66D8D33E0E0285DCC8812EDBD4097B9B0BF1ABB16F7D1A2F03E52A74885DEAC6562E4F9B51AF02282FDF6C1066638ECD55421D3CA25EB50878C7FC8D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372071646326100","port":443,"protocol_str":"quic"}],"anonymization":[],"network_stats":{"srtt":392138},"server":"https://chrome.cloudflare-dns.com"}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):57
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.283088322451805
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YWVbSZAjMx/ALfnH4JaGqx41n:YWNlDGn
                                                                                                                                                                                                                                                                                                  MD5:329622F40165883B656ABAB0D93674C4
                                                                                                                                                                                                                                                                                                  SHA1:DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87
                                                                                                                                                                                                                                                                                                  SHA-256:2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
                                                                                                                                                                                                                                                                                                  SHA-512:BF9173F47118D3FD466378CA186B74EFB7481AF15AEABD0BDBA43331721D93F5F9E4D1FD94F38873B8DBA9352D2EB4BF8044A21C52A52409615E3E25894393CF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"spellcheck":{"dictionaries":["en-GB"],"dictionary":""}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):48
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:eKaEG/+:eKc+
                                                                                                                                                                                                                                                                                                  MD5:B26DEA87E16D8424C78DA350E0F78478
                                                                                                                                                                                                                                                                                                  SHA1:39775D4EF4087E3D703E2410D27F0585CECFE230
                                                                                                                                                                                                                                                                                                  SHA-256:80D18D870768194C9FF030BADFE75F10991722340AFEDCF6253C14CFCB8EBAF8
                                                                                                                                                                                                                                                                                                  SHA-512:769EEDEE4BA23617B209C10A7BB5AF58A08EDCE05094DFFEF4E38DB80CD10F4103064B7B211DD876295718B2FD11889C68C9D96A54AC643BFD560AD291855BE3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:(....?_.oy retne..........................5./.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):48
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:eKaEG/+:eKc+
                                                                                                                                                                                                                                                                                                  MD5:B26DEA87E16D8424C78DA350E0F78478
                                                                                                                                                                                                                                                                                                  SHA1:39775D4EF4087E3D703E2410D27F0585CECFE230
                                                                                                                                                                                                                                                                                                  SHA-256:80D18D870768194C9FF030BADFE75F10991722340AFEDCF6253C14CFCB8EBAF8
                                                                                                                                                                                                                                                                                                  SHA-512:769EEDEE4BA23617B209C10A7BB5AF58A08EDCE05094DFFEF4E38DB80CD10F4103064B7B211DD876295718B2FD11889C68C9D96A54AC643BFD560AD291855BE3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:(....?_.oy retne..........................5./.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 2, database pages 11, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):45056
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.42922658759693877
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TL6/gJhPwMuz6G0ZestjteX4yNQeYlv+1b3IeNS6+6Uwg89oIPq81fBG:T/OIy4m1b3fbUdSo2qSB
                                                                                                                                                                                                                                                                                                  MD5:358D089087AA109E41F38DDDA1FF8368
                                                                                                                                                                                                                                                                                                  SHA1:42F68E8E7C6806485AAB068AD2EF9D8992FE3867
                                                                                                                                                                                                                                                                                                  SHA-256:E1EA1994A9C238120944C0009B25C9B75C3B8ACB5CC137A78CD4A8450C809130
                                                                                                                                                                                                                                                                                                  SHA-512:4630EBA964CE1DCCFBB8663F04141C91FF0A3CEE399621637BDEF17C696735316DA23A5BF6F7235B9616005652D175E276E83C8ACA5F99F9F3B4D9C713818553
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3045002, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4540774387820629
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:T1j7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB290T:d7doKsKuKZKlZNmu46yjxeO
                                                                                                                                                                                                                                                                                                  MD5:182E8EB43CCEE342A48371E03554CFF5
                                                                                                                                                                                                                                                                                                  SHA1:2CDB872CBADAC4C5A87CA3EA40F31C3F8FDD605B
                                                                                                                                                                                                                                                                                                  SHA-256:0F5F77DC503BE69CDE7574D91437DA7A4414B8A08927105AB7C01714D43FDE11
                                                                                                                                                                                                                                                                                                  SHA-512:C7C60006978DCADC7BF5CB916D133306E649293E74D65BD0ED17FA983F7123ED8C71F099677CE363F21DCF16AE1DFECE5A6053D0B678F8BBF1271BA4EBA2FB8F
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:SQLite format 3

Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):57
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.283088322451805
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YWVbSZAjMx/ALfnH4JaGqx41n:YWNlDGn
                                                                                                                                                                                                                                                                                                  MD5:329622F40165883B656ABAB0D93674C4
                                                                                                                                                                                                                                                                                                  SHA1:DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87
                                                                                                                                                                                                                                                                                                  SHA-256:2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
                                                                                                                                                                                                                                                                                                  SHA-512:BF9173F47118D3FD466378CA186B74EFB7481AF15AEABD0BDBA43331721D93F5F9E4D1FD94F38873B8DBA9352D2EB4BF8044A21C52A52409615E3E25894393CF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"spellcheck":{"dictionaries":["en-GB"],"dictionary":""}}

Process:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):58
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.435506969885884
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:25LFoZDUkh4EaKC5QBAiJov:OLuN9aZ5QBhCv
                                                                                                                                                                                                                                                                                                  MD5:2B86842B89127A40E3111203301B60C1
                                                                                                                                                                                                                                                                                                  SHA1:BDEE51AA6A4B4DAB16A41F97CFB050C7133CA673
                                                                                                                                                                                                                                                                                                  SHA-256:1E4F4750CBAB51B5252DD3CF631B2CF0F5A81D2D5B50A75085D15D86010A4BF5
                                                                                                                                                                                                                                                                                                  SHA-512:E4083DB6E1D5E96B9B8C14370816CF5C40642CBCA53393B8C876B927F58E2AA419A77E94E2F9C022F4BD3AA73F21B8C7E2F9D4A1420EA2856CD4D95949EF6B34
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:logPrefixPath: C:\Users\user\AppData\Roaming\fideo\logs.

File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999987290900507
                                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                  File name:fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  File size:83'114'406 bytes
                                                                                                                                                                                                                                                                                                  MD5:ba835cdf19310218103f9596c0e5ab4e
                                                                                                                                                                                                                                                                                                  SHA1:3435fe83a01d637c2ea001bdf9c17eb1a99bc760
                                                                                                                                                                                                                                                                                                  SHA256:68b2c094a9db953e19588e032c462de9070d8370fe909dfd4ccefc9557f7993c
                                                                                                                                                                                                                                                                                                  SHA512:0fed74887cfae8401e76ac0645ab4dbe54e8fbb5b3d521f6ffa1e642d2fbd7993c3d837b2a7ff4bbfec97386069552912398276e64f9d6efa4a72c4fc8d0b057
                                                                                                                                                                                                                                                                                                  SSDEEP:1572864:9Hu/mfe954TNGJQKyt3o7NwwZ1qW4EqD208gb4U7QHP5GGyp1yRsUB:9H96Y4lZ1x4RD20b4KQHP5BRsUB
                                                                                                                                                                                                                                                                                                  TLSH:9608332DB7E0C4A9C1AF9C3913353F9588AE1B07562AE0BA358628F1DF41A5F37DC425
                                                                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                                                                                                                                                  Icon Hash:8c65a5a2e3830cdd
                                                                                                                                                                                                                                                                                                  Entrypoint:0x40338f
                                                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                  Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                  Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                                                                  sub esp, 000002D4h
                                                                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                                                                                  push 00000020h
                                                                                                                                                                                                                                                                                                  pop edi
                                                                                                                                                                                                                                                                                                  xor ebx, ebx
                                                                                                                                                                                                                                                                                                  push 00008001h
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                                                                                  call dword ptr [004080A8h]
                                                                                                                                                                                                                                                                                                  call dword ptr [004080A4h]
                                                                                                                                                                                                                                                                                                  and eax, BFFFFFFFh
                                                                                                                                                                                                                                                                                                  cmp ax, 00000006h
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                                                                                                                  je 00007F8ABCF8B073h
                                                                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                                                                  call 00007F8ABCF8E325h
                                                                                                                                                                                                                                                                                                  cmp eax, ebx
                                                                                                                                                                                                                                                                                                  je 00007F8ABCF8B069h
                                                                                                                                                                                                                                                                                                  push 00000C00h
                                                                                                                                                                                                                                                                                                  call eax
                                                                                                                                                                                                                                                                                                  mov esi, 004082B0h
                                                                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                                                                  call 00007F8ABCF8E29Fh
                                                                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                                                                  call dword ptr [00408150h]
                                                                                                                                                                                                                                                                                                  lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                                                                                                  cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                                                                                                  jne 00007F8ABCF8B04Ch
                                                                                                                                                                                                                                                                                                  push 0000000Ah
                                                                                                                                                                                                                                                                                                  call 00007F8ABCF8E2F8h
                                                                                                                                                                                                                                                                                                  push 00000008h
                                                                                                                                                                                                                                                                                                  call 00007F8ABCF8E2F1h
                                                                                                                                                                                                                                                                                                  push 00000006h
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                                                                                                                  call 00007F8ABCF8E2E5h
                                                                                                                                                                                                                                                                                                  cmp eax, ebx
                                                                                                                                                                                                                                                                                                  je 00007F8ABCF8B071h
                                                                                                                                                                                                                                                                                                  push 0000001Eh
                                                                                                                                                                                                                                                                                                  call eax
                                                                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                                                                  je 00007F8ABCF8B069h
                                                                                                                                                                                                                                                                                                  or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  call dword ptr [00408044h]
                                                                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                                                                  call dword ptr [004082A0h]
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                                                                  lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                                                                                                  push 000002B4h
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                                                                  push 00440208h
                                                                                                                                                                                                                                                                                                  call dword ptr [00408188h]
                                                                                                                                                                                                                                                                                                  push 0040A2C8h
                                                                                                                                                                                                                                                                                                  Programming Language:
                                                                                                                                                                                                                                                                                                  • [EXP] VC++ 6.0 SP5 build 8804
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x8610           0xa0          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x1ff000         0x5bd0        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x8000           0x2b0         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy            Characteristics
.text   0x1000           0x6627        0x6800    7618d4c0cd8bb67ea9595b4266b3a91f  False     0.6646259014423077  data       6.450282348506287  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x8000           0x14a2        0x1600    eecac1fed9cc6b447d50940d178404d8  False     0.4405184659090909  data       5.025178929113415  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xa000           0x70ff8       0x600     db8f31a08a2242d80c29e1f9500c6527  False     0.5182291666666666  data       4.037117731448378  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata  0x7b000          0x184000      0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                   empty      0.0                IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x1ff000         0x5bd0        0x5c00    ba719530dbc547286fa32e8c72742cc0  False     0.6338315217391305  data       6.521018565833996  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name           RVA       Size    Type                                                                                 Language  Country        ZLIB Complexity
RT_ICON        0x1ff5c8  0x31f7  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                          English   United States  0.9770150887342662
RT_DIALOG      0x2027c0  0x120   data                                                                                 English   United States  0.5138888888888888
RT_DIALOG      0x2028e0  0x202   data                                                                                 English   United States  0.4085603112840467
RT_DIALOG      0x202ae8  0xf8    data                                                                                 English   United States  0.6290322580645161
RT_DIALOG      0x202be0  0xee    data                                                                                 English   United States  0.6260504201680672
RT_DIALOG      0x202cd0  0x118   data                                                                                 English   United States  0.5321428571428571
RT_DIALOG      0x202de8  0x1fa   data                                                                                 English   United States  0.40118577075098816
RT_DIALOG      0x202fe8  0xf0    data                                                                                 English   United States  0.6666666666666666
RT_DIALOG      0x2030d8  0xe6    data                                                                                 English   United States  0.6565217391304348
RT_DIALOG      0x2031c0  0x10c   data                                                                                 English   United States  0.5111940298507462
RT_DIALOG      0x2032d0  0x1ee   data                                                                                 English   United States  0.38866396761133604
RT_DIALOG      0x2034c0  0xe4    data                                                                                 English   United States  0.6447368421052632
RT_DIALOG      0x2035a8  0xda    data                                                                                 English   United States  0.6422018348623854
RT_DIALOG      0x203688  0x10c   data                                                                                 English   United States  0.5111940298507462
RT_DIALOG      0x203798  0x1ee   data                                                                                 English   United States  0.3866396761133603
RT_DIALOG      0x203988  0xe4    data                                                                                 English   United States  0.6359649122807017
RT_DIALOG      0x203a70  0xda    data                                                                                 English   United States  0.6376146788990825
RT_DIALOG      0x203b50  0x110   data                                                                                 English   United States  0.5183823529411765
RT_DIALOG      0x203c60  0x1f2   data                                                                                 English   United States  0.39759036144578314
RT_DIALOG      0x203e58  0xe8    data                                                                                 English   United States  0.6508620689655172
RT_DIALOG      0x203f40  0xde    data                                                                                 English   United States  0.6486486486486487
RT_DIALOG      0x204020  0x120   data                                                                                 English   United States  0.5381944444444444
RT_DIALOG      0x204140  0x202   data                                                                                 English   United States  0.42217898832684825
RT_DIALOG      0x204348  0xf8    data                                                                                 English   United States  0.6653225806451613
RT_DIALOG      0x204440  0xee    data                                                                                 English   United States  0.6512605042016807
RT_GROUP_ICON  0x204530  0x14    data                                                                                 English   United States  1.05
RT_VERSION     0x204548  0x254   data                                                                                 English   United States  0.4966442953020134
RT_MANIFEST    0x2047a0  0x42e   XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators  English   United States  0.5130841121495328
DLL           Import
KERNEL32.dll  SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll    GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll     SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll   SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll  AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll  ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll     OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system: English
Country where language is spoken: United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.108411074 CEST59221443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.108531952 CEST59221443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.108967066 CEST60024443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.109407902 CEST59221443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.178105116 CEST44360024162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.182506084 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.192506075 CEST44360024162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.192517996 CEST44360024162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.192605019 CEST44360024162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.192612886 CEST44360024162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.192950964 CEST60024443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.193097115 CEST60024443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.203775883 CEST44360024162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.204233885 CEST44360024162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.206029892 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.206173897 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.206185102 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.206199884 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.206209898 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.207402945 CEST59221443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.207506895 CEST59221443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.209889889 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.210896015 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.238154888 CEST59221443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.238161087 CEST60024443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.287170887 CEST44360024162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.305146933 CEST44359221172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.316426992 CEST60024443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Sep 28, 2024 10:20:47.333420038 CEST59221443192.168.2.5172.64.41.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 28, 2024 10:20:36.027945995 CEST | 192.168.2.5 | 1.1.1.1 | 0x393b | Standard query (0) | gitlab.com | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:36.943094969 CEST | 192.168.2.5 | 1.1.1.1 | 0x5528 | Standard query (0) | api.github.com | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:46.505124092 CEST | 192.168.2.5 | 1.1.1.1 | 0xc85a | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:46.505188942 CEST | 192.168.2.5 | 1.1.1.1 | 0x89a8 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Sep 28, 2024 10:20:46.543772936 CEST | 192.168.2.5 | 1.1.1.1 | 0x436d | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:46.544162035 CEST | 192.168.2.5 | 1.1.1.1 | 0x9843 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 28, 2024 10:20:36.035238028 CEST | 1.1.1.1 | 192.168.2.5 | 0x393b | No error (0) | gitlab.com | | 172.65.251.78 | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:36.964525938 CEST | 1.1.1.1 | 192.168.2.5 | 0x5528 | No error (0) | api.github.com | | 140.82.121.5 | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:46.512193918 CEST | 1.1.1.1 | 192.168.2.5 | 0xc85a | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:46.512193918 CEST | 1.1.1.1 | 192.168.2.5 | 0xc85a | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:46.512872934 CEST | 1.1.1.1 | 192.168.2.5 | 0x89a8 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Sep 28, 2024 10:20:46.550571918 CEST | 1.1.1.1 | 192.168.2.5 | 0x436d | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:46.550571918 CEST | 1.1.1.1 | 192.168.2.5 | 0x436d | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Sep 28, 2024 10:20:46.551008940 CEST | 1.1.1.1 | 192.168.2.5 | 0x9843 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false


                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                  Start time:04:19:58
                                                                                                                                                                                                                                                                                                  Start date:28/09/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\fideo-1.0.5.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\fideo-1.0.5.exe"
                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                  File size:83'114'406 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:BA835CDF19310218103F9596C0E5AB4E
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                                                                  Start time:04:20:32
                                                                                                                                                                                                                                                                                                  Start date:28/09/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\fideo\fideo.exe"
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff614370000
                                                                                                                                                                                                                                                                                                  File size:180'356'608 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:F877855851D8A48ADC29431B6B46A3B7
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                                                                  Start time:04:20:35
                                                                                                                                                                                                                                                                                                  Start date:28/09/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\fideo\fideo.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff614370000
                                                                                                                                                                                                                                                                                                  File size:180'356'608 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:F877855851D8A48ADC29431B6B46A3B7
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                                                                  Start time:04:20:35
                                                                                                                                                                                                                                                                                                  Start date:28/09/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff674740000
                                                                                                                                                                                                                                                                                                  File size:5'141'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                                                                  Start time:04:20:38
                                                                                                                                                                                                                                                                                                  Start date:28/09/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\fideo\fideo.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --field-trial-handle=3108,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:3
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff614370000
                                                                                                                                                                                                                                                                                                  File size:180'356'608 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:F877855851D8A48ADC29431B6B46A3B7
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                                                                  Start time:04:20:41
                                                                                                                                                                                                                                                                                                  Start date:28/09/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files\fideo\fideo.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\fideo\fideo.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\fideo" --app-user-model-id=site.fideo.app --app-path="C:\Program Files\fideo\resources\app.asar" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1727506034100756 --launch-time-ticks=5606445806 --field-trial-handle=3376,i,17151387384183765936,16765276755101112878,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff614370000
                                                                                                                                                                                                                                                                                                  File size:180'356'608 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:F877855851D8A48ADC29431B6B46A3B7
                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                    Execution Coverage:30.6%
                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:4%
                                                                                                                                                                                                                                                                                                    Signature Coverage:21.4%
                                                                                                                                                                                                                                                                                                    Total number of Nodes:1392
                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:38
3277->3276 3283 4062dc 17 API calls 3278->3283 3301 404231 3279->3301 3280->3279 3281->3274 3282->3270 3285 4056fe AppendMenuW 3283->3285 3287 40571b GetWindowRect 3285->3287 3288 40572e TrackPopupMenu 3285->3288 3286 40558a 3289 405593 ShowWindow 3286->3289 3290 4055c7 GetDlgItem SendMessageW 3286->3290 3287->3288 3288->3273 3291 405749 3288->3291 3292 4055b6 3289->3292 3293 4055a9 ShowWindow 3289->3293 3290->3273 3294 4055ee SendMessageW SendMessageW 3290->3294 3295 405765 SendMessageW 3291->3295 3304 404266 SendMessageW 3292->3304 3293->3292 3294->3273 3295->3295 3296 405782 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3295->3296 3298 4057a7 SendMessageW 3296->3298 3298->3298 3299 4057d0 GlobalUnlock SetClipboardData CloseClipboard 3298->3299 3299->3273 3300->3261 3302 4062dc 17 API calls 3301->3302 3303 40423c SetDlgItemTextW 3302->3303 3303->3286 3304->3290 3305->3262 3307 404211 3306->3307 3308 404217 SendMessageW 3306->3308 3307->3308 3308->3264 3310 40435b 3309->3310 3311 4042b0 GetWindowLongW 3309->3311 3310->3273 3311->3310 3312 4042c5 3311->3312 3312->3310 3313 4042f2 GetSysColor 3312->3313 3314 4042f5 3312->3314 3313->3314 3315 404305 SetBkMode 3314->3315 3316 4042fb SetTextColor 3314->3316 3317 404323 3315->3317 3318 40431d GetSysColor 3315->3318 3316->3315 3319 404334 3317->3319 3320 40432a SetBkColor 3317->3320 3318->3317 3319->3310 3321 404347 DeleteObject 3319->3321 3322 40434e CreateBrushIndirect 3319->3322 3320->3319 3321->3322 3322->3310 3330 40427d 3323->3330 3325 405418 3329 40543f 3325->3329 3333 401389 3325->3333 3326 40427d SendMessageW 3327 405451 CoUninitialize 3326->3327 3329->3326 3331 404295 3330->3331 3332 404286 SendMessageW 3330->3332 3331->3325 3332->3331 3335 401390 3333->3335 3334 4013fe 3334->3325 3335->3334 3336 4013cb MulDiv SendMessageW 3335->3336 3336->3335 4119 401563 4120 402a6b 4119->4120 4123 406201 wsprintfW 4120->4123 4122 402a70 4123->4122 3426 4023e4 3427 402c41 17 API calls 3426->3427 3428 4023f6 3427->3428 
3429 402c41 17 API calls 3428->3429 3430 402400 3429->3430 3443 402cd1 3430->3443 3433 402ac5 3434 402438 3436 402444 3434->3436 3447 402c1f 3434->3447 3435 402c41 17 API calls 3437 40242e lstrlenW 3435->3437 3439 402463 RegSetValueExW 3436->3439 3450 403116 3436->3450 3437->3434 3441 402479 RegCloseKey 3439->3441 3441->3433 3444 402cec 3443->3444 3470 406155 3444->3470 3448 4062dc 17 API calls 3447->3448 3449 402c34 3448->3449 3449->3436 3451 40312f 3450->3451 3452 40315d 3451->3452 3477 403347 SetFilePointer 3451->3477 3474 403331 3452->3474 3456 4032b4 3456->3439 3457 4032ca 3459 40330c 3457->3459 3462 4032ce 3457->3462 3458 40317a GetTickCount 3458->3456 3466 4031c9 3458->3466 3461 403331 ReadFile 3459->3461 3460 403331 ReadFile 3460->3466 3461->3456 3462->3456 3463 403331 ReadFile 3462->3463 3464 405e62 WriteFile 3462->3464 3463->3462 3464->3462 3465 40321f GetTickCount 3465->3466 3466->3456 3466->3460 3466->3465 3467 403244 MulDiv wsprintfW 3466->3467 3469 405e62 WriteFile 3466->3469 3468 405322 24 API calls 3467->3468 3468->3466 3469->3466 3471 406164 3470->3471 3472 402410 3471->3472 3473 40616f RegCreateKeyExW 3471->3473 3472->3433 3472->3434 3472->3435 3473->3472 3475 405e33 ReadFile 3474->3475 3476 403168 3475->3476 3476->3456 3476->3457 3476->3458 3477->3452 4124 404367 lstrcpynW lstrlenW 4125 401968 4126 402c1f 17 API calls 4125->4126 4127 40196f 4126->4127 4128 402c1f 17 API calls 4127->4128 4129 40197c 4128->4129 4130 402c41 17 API calls 4129->4130 4131 401993 lstrlenW 4130->4131 4132 4019a4 4131->4132 4136 4019e5 4132->4136 4137 4062ba lstrcpynW 4132->4137 4134 4019d5 4135 4019da lstrlenW 4134->4135 4134->4136 4135->4136 4137->4134 4138 402868 4139 402c41 17 API calls 4138->4139 4140 40286f FindFirstFileW 4139->4140 4141 402897 4140->4141 4145 402882 4140->4145 4146 406201 wsprintfW 4141->4146 4143 4028a0 4147 4062ba lstrcpynW 4143->4147 4146->4143 4147->4145 4148 403968 4149 403973 4148->4149 4150 40397a GlobalAlloc 4149->4150 4151 403977 
4149->4151 4150->4151 4152 40166a 4153 402c41 17 API calls 4152->4153 4154 401670 4153->4154 4155 4065fd 2 API calls 4154->4155 4156 401676 4155->4156 3576 40176f 3577 402c41 17 API calls 3576->3577 3578 401776 3577->3578 3579 401796 3578->3579 3580 40179e 3578->3580 3615 4062ba lstrcpynW 3579->3615 3616 4062ba lstrcpynW 3580->3616 3583 40179c 3587 40654e 5 API calls 3583->3587 3584 4017a9 3585 405b8f 3 API calls 3584->3585 3586 4017af lstrcatW 3585->3586 3586->3583 3603 4017bb 3587->3603 3588 4065fd 2 API calls 3588->3603 3589 405d8b 2 API calls 3589->3603 3591 4017cd CompareFileTime 3591->3603 3592 40188d 3594 405322 24 API calls 3592->3594 3593 401864 3595 405322 24 API calls 3593->3595 3605 401879 3593->3605 3596 401897 3594->3596 3595->3605 3597 403116 31 API calls 3596->3597 3598 4018aa 3597->3598 3600 4018be SetFileTime 3598->3600 3601 4018d0 CloseHandle 3598->3601 3599 4062ba lstrcpynW 3599->3603 3600->3601 3604 4018e1 3601->3604 3601->3605 3602 4062dc 17 API calls 3602->3603 3603->3588 3603->3589 3603->3591 3603->3592 3603->3593 3603->3599 3603->3602 3614 405db0 GetFileAttributesW CreateFileW 3603->3614 3617 405920 3603->3617 3606 4018e6 3604->3606 3607 4018f9 3604->3607 3608 4062dc 17 API calls 3606->3608 3609 4062dc 17 API calls 3607->3609 3611 4018ee lstrcatW 3608->3611 3612 401901 3609->3612 3611->3612 3613 405920 MessageBoxIndirectW 3612->3613 3613->3605 3614->3603 3615->3583 3616->3584 3618 405935 3617->3618 3619 405981 3618->3619 3620 405949 MessageBoxIndirectW 3618->3620 3619->3603 3620->3619 4157 4027ef 4158 4027f6 4157->4158 4160 402a70 4157->4160 4159 402c1f 17 API calls 4158->4159 4161 4027fd 4159->4161 4162 40280c SetFilePointer 4161->4162 4162->4160 4163 40281c 4162->4163 4165 406201 wsprintfW 4163->4165 4165->4160 4166 4043f0 4167 404522 4166->4167 4170 404408 4166->4170 4168 40458c 4167->4168 4169 404656 4167->4169 4175 40455d GetDlgItem SendMessageW 4167->4175 4168->4169 4171 404596 GetDlgItem 4168->4171 4177 404298 8 API calls 4169->4177 
4172 404231 18 API calls 4170->4172 4173 4045b0 4171->4173 4174 404617 4171->4174 4176 40446f 4172->4176 4173->4174 4182 4045d6 SendMessageW LoadCursorW SetCursor 4173->4182 4174->4169 4178 404629 4174->4178 4199 404253 KiUserCallbackDispatcher 4175->4199 4180 404231 18 API calls 4176->4180 4181 404651 4177->4181 4183 40463f 4178->4183 4184 40462f SendMessageW 4178->4184 4186 40447c CheckDlgButton 4180->4186 4200 40469f 4182->4200 4183->4181 4188 404645 SendMessageW 4183->4188 4184->4183 4185 404587 4189 40467b SendMessageW 4185->4189 4197 404253 KiUserCallbackDispatcher 4186->4197 4188->4181 4189->4168 4192 40449a GetDlgItem 4198 404266 SendMessageW 4192->4198 4194 4044b0 SendMessageW 4195 4044d6 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4194->4195 4196 4044cd GetSysColor 4194->4196 4195->4181 4196->4195 4197->4192 4198->4194 4199->4185 4203 4058e6 ShellExecuteExW 4200->4203 4202 404605 LoadCursorW SetCursor 4202->4174 4203->4202 4204 401a72 4205 402c1f 17 API calls 4204->4205 4206 401a7b 4205->4206 4207 402c1f 17 API calls 4206->4207 4208 401a20 4207->4208 4209 401573 4210 401583 ShowWindow 4209->4210 4211 40158c 4209->4211 4210->4211 4212 40159a ShowWindow 4211->4212 4213 402ac5 4211->4213 4212->4213 4214 402df3 4215 402e05 SetTimer 4214->4215 4216 402e1e 4214->4216 4215->4216 4217 402e73 4216->4217 4218 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4216->4218 4218->4217 4219 401cf3 4220 402c1f 17 API calls 4219->4220 4221 401cf9 IsWindow 4220->4221 4222 401a20 4221->4222 4223 4014f5 SetForegroundWindow 4224 402ac5 4223->4224 4225 402576 4226 402c41 17 API calls 4225->4226 4227 40257d 4226->4227 4230 405db0 GetFileAttributesW CreateFileW 4227->4230 4229 402589 4230->4229 3889 401b77 3890 401b84 3889->3890 3891 401bc8 3889->3891 3894 4022e4 3890->3894 3899 401b9b 3890->3899 3892 401bf2 GlobalAlloc 3891->3892 3893 401bcd 3891->3893 3895 4062dc 17 API calls 3892->3895 3904 401c0d 3893->3904 3908 4062ba lstrcpynW 3893->3908 3896 4062dc 17 
API calls 3894->3896 3895->3904 3898 4022f1 3896->3898 3903 405920 MessageBoxIndirectW 3898->3903 3909 4062ba lstrcpynW 3899->3909 3900 401bdf GlobalFree 3900->3904 3902 401baa 3910 4062ba lstrcpynW 3902->3910 3903->3904 3906 401bb9 3911 4062ba lstrcpynW 3906->3911 3908->3900 3909->3902 3910->3906 3911->3904 4231 404a78 4232 404aa4 4231->4232 4233 404a88 4231->4233 4235 404ad7 4232->4235 4236 404aaa SHGetPathFromIDListW 4232->4236 4242 405904 GetDlgItemTextW 4233->4242 4238 404ac1 SendMessageW 4236->4238 4239 404aba 4236->4239 4237 404a95 SendMessageW 4237->4232 4238->4235 4240 40140b 2 API calls 4239->4240 4240->4238 4242->4237 4243 4024f8 4244 402c81 17 API calls 4243->4244 4245 402502 4244->4245 4246 402c1f 17 API calls 4245->4246 4247 40250b 4246->4247 4248 402533 RegEnumValueW 4247->4248 4249 402527 RegEnumKeyW 4247->4249 4251 40288b 4247->4251 4250 402548 RegCloseKey 4248->4250 4249->4250 4250->4251 4253 40167b 4254 402c41 17 API calls 4253->4254 4255 401682 4254->4255 4256 402c41 17 API calls 4255->4256 4257 40168b 4256->4257 4258 402c41 17 API calls 4257->4258 4259 401694 MoveFileW 4258->4259 4260 4016a7 4259->4260 4261 4016a0 4259->4261 4262 4065fd 2 API calls 4260->4262 4265 402250 4260->4265 4263 401423 24 API calls 4261->4263 4264 4016b6 4262->4264 4263->4265 4264->4265 4266 406080 36 API calls 4264->4266 4266->4261 4267 401e7d 4268 402c41 17 API calls 4267->4268 4269 401e83 4268->4269 4270 402c41 17 API calls 4269->4270 4271 401e8c 4270->4271 4272 402c41 17 API calls 4271->4272 4273 401e95 4272->4273 4274 402c41 17 API calls 4273->4274 4275 401e9e 4274->4275 4276 401423 24 API calls 4275->4276 4277 401ea5 4276->4277 4284 4058e6 ShellExecuteExW 4277->4284 4279 401ee7 4282 40288b 4279->4282 4285 406745 WaitForSingleObject 4279->4285 4281 401f01 CloseHandle 4281->4282 4284->4279 4286 40675f 4285->4286 4287 406771 GetExitCodeProcess 4286->4287 4288 4066d0 2 API calls 4286->4288 4287->4281 4289 406766 WaitForSingleObject 4288->4289 4289->4286 4290 4019ff 
4291 402c41 17 API calls 4290->4291 4292 401a06 4291->4292 4293 402c41 17 API calls 4292->4293 4294 401a0f 4293->4294 4295 401a16 lstrcmpiW 4294->4295 4296 401a28 lstrcmpW 4294->4296 4297 401a1c 4295->4297 4296->4297 4298 401000 4299 401037 BeginPaint GetClientRect 4298->4299 4300 40100c DefWindowProcW 4298->4300 4301 4010f3 4299->4301 4303 401179 4300->4303 4304 401073 CreateBrushIndirect FillRect DeleteObject 4301->4304 4305 4010fc 4301->4305 4304->4301 4306 401102 CreateFontIndirectW 4305->4306 4307 401167 EndPaint 4305->4307 4306->4307 4308 401112 6 API calls 4306->4308 4307->4303 4308->4307 4309 401503 4310 40150b 4309->4310 4312 40151e 4309->4312 4311 402c1f 17 API calls 4310->4311 4311->4312 3478 402104 3479 402c41 17 API calls 3478->3479 3480 40210b 3479->3480 3481 402c41 17 API calls 3480->3481 3482 402115 3481->3482 3483 402c41 17 API calls 3482->3483 3484 40211f 3483->3484 3485 402c41 17 API calls 3484->3485 3486 402129 3485->3486 3487 402c41 17 API calls 3486->3487 3489 402133 3487->3489 3488 402172 CoCreateInstance 3493 402191 3488->3493 3489->3488 3490 402c41 17 API calls 3489->3490 3490->3488 3491 401423 24 API calls 3492 402250 3491->3492 3493->3491 3493->3492 3494 402484 3505 402c81 3494->3505 3497 402c41 17 API calls 3498 402497 3497->3498 3499 4024a2 RegQueryValueExW 3498->3499 3500 40288b 3498->3500 3501 4024c2 3499->3501 3502 4024c8 RegCloseKey 3499->3502 3501->3502 3510 406201 wsprintfW 3501->3510 3502->3500 3506 402c41 17 API calls 3505->3506 3507 402c98 3506->3507 3508 406127 RegOpenKeyExW 3507->3508 3509 40248e 3508->3509 3509->3497 3510->3502 4313 4fc13b8 4314 4fc143a 2 API calls 4313->4314 4315 4fc13e4 4314->4315 4316 4fc10d0 29 API calls 4315->4316 4317 4fc13ee 4316->4317 4318 4fc14cf 3 API calls 4317->4318 4319 4fc13f7 4318->4319 4320 401f06 4321 402c41 17 API calls 4320->4321 4322 401f0c 4321->4322 4323 405322 24 API calls 4322->4323 4324 401f16 4323->4324 4325 4058a3 2 API calls 4324->4325 4326 401f1c 4325->4326 4327 401f3f 
CloseHandle 4326->4327 4328 406745 5 API calls 4326->4328 4331 40288b 4326->4331 4327->4331 4330 401f31 4328->4330 4330->4327 4333 406201 wsprintfW 4330->4333 4333->4327 4334 40190c 4335 401943 4334->4335 4336 402c41 17 API calls 4335->4336 4337 401948 4336->4337 4338 4059cc 67 API calls 4337->4338 4339 401951 4338->4339 4340 40230c 4341 402314 4340->4341 4343 40231a 4340->4343 4342 402c41 17 API calls 4341->4342 4342->4343 4344 402c41 17 API calls 4343->4344 4347 402328 4343->4347 4344->4347 4345 402c41 17 API calls 4348 402336 4345->4348 4346 402c41 17 API calls 4349 40233f WritePrivateProfileStringW 4346->4349 4347->4345 4347->4348 4348->4346 4350 401f8c 4351 402c41 17 API calls 4350->4351 4352 401f93 4351->4352 4353 406694 5 API calls 4352->4353 4354 401fa2 4353->4354 4355 401fbe GlobalAlloc 4354->4355 4357 402026 4354->4357 4356 401fd2 4355->4356 4355->4357 4358 406694 5 API calls 4356->4358 4359 401fd9 4358->4359 4360 406694 5 API calls 4359->4360 4361 401fe3 4360->4361 4361->4357 4365 406201 wsprintfW 4361->4365 4363 402018 4366 406201 wsprintfW 4363->4366 4365->4363 4366->4357 4367 40238e 4368 4023c1 4367->4368 4369 402396 4367->4369 4371 402c41 17 API calls 4368->4371 4370 402c81 17 API calls 4369->4370 4372 40239d 4370->4372 4373 4023c8 4371->4373 4375 4023d5 4372->4375 4376 402c41 17 API calls 4372->4376 4378 402cff 4373->4378 4377 4023ae RegDeleteValueW RegCloseKey 4376->4377 4377->4375 4379 402d13 4378->4379 4381 402d0c 4378->4381 4379->4381 4382 402d44 4379->4382 4381->4375 4383 406127 RegOpenKeyExW 4382->4383 4384 402d72 4383->4384 4385 402d98 RegEnumKeyW 4384->4385 4386 402daf RegCloseKey 4384->4386 4387 402dd0 RegCloseKey 4384->4387 4389 402d44 6 API calls 4384->4389 4392 402dc3 4384->4392 4385->4384 4385->4386 4388 406694 5 API calls 4386->4388 4387->4392 4390 402dbf 4388->4390 4389->4384 4391 402de0 RegDeleteKeyW 4390->4391 4390->4392 4391->4392 4392->4381 3621 40338f SetErrorMode GetVersion 3622 4033ce 3621->3622 3623 4033d4 3621->3623 3624 
406694 5 API calls 3622->3624 3625 406624 3 API calls 3623->3625 3624->3623 3626 4033ea lstrlenA 3625->3626 3626->3623 3627 4033fa 3626->3627 3628 406694 5 API calls 3627->3628 3629 403401 3628->3629 3630 406694 5 API calls 3629->3630 3631 403408 3630->3631 3632 406694 5 API calls 3631->3632 3633 403414 #17 OleInitialize SHGetFileInfoW 3632->3633 3711 4062ba lstrcpynW 3633->3711 3636 403460 GetCommandLineW 3712 4062ba lstrcpynW 3636->3712 3638 403472 3639 405bbc CharNextW 3638->3639 3640 403497 CharNextW 3639->3640 3641 4035c1 GetTempPathW 3640->3641 3652 4034b0 3640->3652 3713 40335e 3641->3713 3643 4035d9 3644 403633 DeleteFileW 3643->3644 3645 4035dd GetWindowsDirectoryW lstrcatW 3643->3645 3723 402edd GetTickCount GetModuleFileNameW 3644->3723 3646 40335e 12 API calls 3645->3646 3649 4035f9 3646->3649 3647 405bbc CharNextW 3647->3652 3649->3644 3653 4035fd GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3649->3653 3650 403647 3651 4036fe ExitProcess CoUninitialize 3650->3651 3659 405bbc CharNextW 3650->3659 3694 4036ea 3650->3694 3655 403834 3651->3655 3656 403714 3651->3656 3652->3647 3654 4035aa 3652->3654 3657 4035ac 3652->3657 3658 40335e 12 API calls 3653->3658 3654->3641 3663 4038b8 ExitProcess 3655->3663 3664 40383c GetCurrentProcess OpenProcessToken 3655->3664 3662 405920 MessageBoxIndirectW 3656->3662 3807 4062ba lstrcpynW 3657->3807 3665 40362b 3658->3665 3676 403666 3659->3676 3668 403722 ExitProcess 3662->3668 3669 403854 LookupPrivilegeValueW AdjustTokenPrivileges 3664->3669 3670 403888 3664->3670 3665->3644 3665->3651 3666 4036fa 3666->3651 3669->3670 3671 406694 5 API calls 3670->3671 3674 40388f 3671->3674 3672 4036c4 3678 405c97 18 API calls 3672->3678 3673 40372a 3677 40588b 5 API calls 3673->3677 3675 4038a4 ExitWindowsEx 3674->3675 3679 4038b1 3674->3679 3675->3663 3675->3679 3676->3672 3676->3673 3680 40372f lstrcatW 3677->3680 3684 4036d0 3678->3684 3681 40140b 2 API calls 3679->3681 3682 403740 lstrcatW 3680->3682 
3683 40374b lstrcatW lstrcmpiW 3680->3683 3681->3663 3682->3683 3683->3651 3685 403767 3683->3685 3684->3651 3808 4062ba lstrcpynW 3684->3808 3687 403773 3685->3687 3688 40376c 3685->3688 3692 40586e 2 API calls 3687->3692 3690 4057f1 4 API calls 3688->3690 3689 4036df 3809 4062ba lstrcpynW 3689->3809 3693 403771 3690->3693 3695 403778 SetCurrentDirectoryW 3692->3695 3693->3695 3751 4039aa 3694->3751 3696 403793 3695->3696 3697 403788 3695->3697 3811 4062ba lstrcpynW 3696->3811 3810 4062ba lstrcpynW 3697->3810 3700 4062dc 17 API calls 3701 4037d2 DeleteFileW 3700->3701 3702 4037df CopyFileW 3701->3702 3708 4037a1 3701->3708 3702->3708 3703 403828 3704 406080 36 API calls 3703->3704 3706 40382f 3704->3706 3705 406080 36 API calls 3705->3708 3706->3651 3707 4062dc 17 API calls 3707->3708 3708->3700 3708->3703 3708->3705 3708->3707 3710 403813 CloseHandle 3708->3710 3812 4058a3 CreateProcessW 3708->3812 3710->3708 3711->3636 3712->3638 3714 40654e 5 API calls 3713->3714 3716 40336a 3714->3716 3715 403374 3715->3643 3716->3715 3717 405b8f 3 API calls 3716->3717 3718 40337c 3717->3718 3719 40586e 2 API calls 3718->3719 3720 403382 3719->3720 3815 405ddf 3720->3815 3819 405db0 GetFileAttributesW CreateFileW 3723->3819 3725 402f1d 3745 402f2d 3725->3745 3820 4062ba lstrcpynW 3725->3820 3727 402f43 3728 405bdb 2 API calls 3727->3728 3729 402f49 3728->3729 3821 4062ba lstrcpynW 3729->3821 3731 402f54 GetFileSize 3732 403050 3731->3732 3733 402f6b 3731->3733 3822 402e79 3732->3822 3733->3732 3736 403331 ReadFile 3733->3736 3740 4030bc 3733->3740 3733->3745 3747 402e79 6 API calls 3733->3747 3735 403059 3737 403089 GlobalAlloc 3735->3737 3735->3745 3834 403347 SetFilePointer 3735->3834 3736->3733 3833 403347 SetFilePointer 3737->3833 3742 402e79 6 API calls 3740->3742 3741 4030a4 3744 403116 31 API calls 3741->3744 3742->3745 3743 403072 3746 403331 ReadFile 3743->3746 3749 4030b0 3744->3749 3745->3650 3748 40307d 3746->3748 3747->3733 3748->3737 3748->3745 3749->3745 3750 
4030ed SetFilePointer 3749->3750 3750->3745 3752 406694 5 API calls 3751->3752 3753 4039be 3752->3753 3754 4039c4 3753->3754 3755 4039d6 3753->3755 3847 406201 wsprintfW 3754->3847 3756 406188 3 API calls 3755->3756 3757 403a06 3756->3757 3759 403a25 lstrcatW 3757->3759 3760 406188 3 API calls 3757->3760 3761 4039d4 3759->3761 3760->3759 3839 403c80 3761->3839 3764 405c97 18 API calls 3765 403a57 3764->3765 3766 403aeb 3765->3766 3768 406188 3 API calls 3765->3768 3767 405c97 18 API calls 3766->3767 3769 403af1 3767->3769 3770 403a89 3768->3770 3771 403b01 LoadImageW 3769->3771 3772 4062dc 17 API calls 3769->3772 3770->3766 3777 403aaa lstrlenW 3770->3777 3781 405bbc CharNextW 3770->3781 3773 403ba7 3771->3773 3774 403b28 RegisterClassW 3771->3774 3772->3771 3776 40140b 2 API calls 3773->3776 3775 403b5e SystemParametersInfoW CreateWindowExW 3774->3775 3806 403bb1 3774->3806 3775->3773 3780 403bad 3776->3780 3778 403ab8 lstrcmpiW 3777->3778 3779 403ade 3777->3779 3778->3779 3782 403ac8 GetFileAttributesW 3778->3782 3783 405b8f 3 API calls 3779->3783 3786 403c80 18 API calls 3780->3786 3780->3806 3784 403aa7 3781->3784 3785 403ad4 3782->3785 3787 403ae4 3783->3787 3784->3777 3785->3779 3788 405bdb 2 API calls 3785->3788 3789 403bbe 3786->3789 3848 4062ba lstrcpynW 3787->3848 3788->3779 3791 403bca ShowWindow 3789->3791 3792 403c4d 3789->3792 3794 406624 3 API calls 3791->3794 3793 4053f5 5 API calls 3792->3793 3795 403c53 3793->3795 3796 403be2 3794->3796 3797 403c57 3795->3797 3798 403c6f 3795->3798 3799 403bf0 GetClassInfoW 3796->3799 3801 406624 3 API calls 3796->3801 3805 40140b 2 API calls 3797->3805 3797->3806 3800 40140b 2 API calls 3798->3800 3802 403c04 GetClassInfoW RegisterClassW 3799->3802 3803 403c1a DialogBoxParamW 3799->3803 3800->3806 3801->3799 3802->3803 3804 40140b 2 API calls 3803->3804 3804->3806 3805->3806 3806->3666 3807->3654 3808->3689 3809->3694 3810->3696 3811->3708 3813 4058e2 3812->3813 3814 4058d6 CloseHandle 3812->3814 3813->3708 
3814->3813 3816 405dec GetTickCount GetTempFileNameW 3815->3816 3817 405e22 3816->3817 3818 40338d 3816->3818 3817->3816 3817->3818 3818->3643 3819->3725 3820->3727 3821->3731 3823 402e82 3822->3823 3824 402e9a 3822->3824 3827 402e92 3823->3827 3828 402e8b DestroyWindow 3823->3828 3825 402ea2 3824->3825 3826 402eaa GetTickCount 3824->3826 3835 4066d0 3825->3835 3830 402eb8 CreateDialogParamW ShowWindow 3826->3830 3831 402edb 3826->3831 3827->3735 3828->3827 3830->3831 3831->3735 3833->3741 3834->3743 3836 4066ed PeekMessageW 3835->3836 3837 4066e3 DispatchMessageW 3836->3837 3838 402ea8 3836->3838 3837->3836 3838->3735 3840 403c94 3839->3840 3849 406201 wsprintfW 3840->3849 3842 403d05 3850 403d39 3842->3850 3844 403a35 3844->3764 3845 403d0a 3845->3844 3846 4062dc 17 API calls 3845->3846 3846->3845 3847->3761 3848->3766 3849->3842 3851 4062dc 17 API calls 3850->3851 3852 403d47 SetWindowTextW 3851->3852 3852->3845 4393 40190f 4394 402c41 17 API calls 4393->4394 4395 401916 4394->4395 4396 405920 MessageBoxIndirectW 4395->4396 4397 40191f 4396->4397 4398 401491 4399 405322 24 API calls 4398->4399 4400 401498 4399->4400 4401 401d14 4402 402c1f 17 API calls 4401->4402 4403 401d1b 4402->4403 4404 402c1f 17 API calls 4403->4404 4405 401d27 GetDlgItem 4404->4405 4406 402592 4405->4406 4407 405296 4408 4052a6 4407->4408 4409 4052ba 4407->4409 4410 405303 4408->4410 4411 4052ac 4408->4411 4412 4052c2 IsWindowVisible 4409->4412 4418 4052d9 4409->4418 4413 405308 CallWindowProcW 4410->4413 4414 40427d SendMessageW 4411->4414 4412->4410 4415 4052cf 4412->4415 4416 4052b6 4413->4416 4414->4416 4420 404bec SendMessageW 4415->4420 4418->4413 4425 404c6c 4418->4425 4421 404c4b SendMessageW 4420->4421 4422 404c0f GetMessagePos ScreenToClient SendMessageW 4420->4422 4423 404c43 4421->4423 4422->4423 4424 404c48 4422->4424 4423->4418 4424->4421 4434 4062ba lstrcpynW 4425->4434 4427 404c7f 4435 406201 wsprintfW 4427->4435 4429 404c89 4430 40140b 2 API calls 4429->4430 4431 404c92 
4430->4431 4436 4062ba lstrcpynW 4431->4436 4433 404c99 4433->4410 4434->4427 4435->4429 4436->4433 4437 402598 4438 4025c7 4437->4438 4439 4025ac 4437->4439 4441 4025fb 4438->4441 4442 4025cc 4438->4442 4440 402c1f 17 API calls 4439->4440 4449 4025b3 4440->4449 4444 402c41 17 API calls 4441->4444 4443 402c41 17 API calls 4442->4443 4445 4025d3 WideCharToMultiByte lstrlenA 4443->4445 4446 402602 lstrlenW 4444->4446 4445->4449 4446->4449 4447 40262f 4448 402645 4447->4448 4450 405e62 WriteFile 4447->4450 4449->4447 4449->4448 4451 405e91 5 API calls 4449->4451 4450->4448 4451->4447 4452 40149e 4453 4022f7 4452->4453 4454 4014ac PostQuitMessage 4452->4454 4454->4453 4455 404c9e GetDlgItem GetDlgItem 4456 404cf0 7 API calls 4455->4456 4465 404f09 4455->4465 4457 404d93 DeleteObject 4456->4457 4458 404d86 SendMessageW 4456->4458 4459 404d9c 4457->4459 4458->4457 4460 404dd3 4459->4460 4464 4062dc 17 API calls 4459->4464 4462 404231 18 API calls 4460->4462 4461 404fed 4463 405099 4461->4463 4473 405046 SendMessageW 4461->4473 4498 404efc 4461->4498 4466 404de7 4462->4466 4468 4050a3 SendMessageW 4463->4468 4469 4050ab 4463->4469 4470 404db5 SendMessageW SendMessageW 4464->4470 4465->4461 4467 404f7a 4465->4467 4471 404bec 5 API calls 4465->4471 4472 404231 18 API calls 4466->4472 4467->4461 4475 404fdf SendMessageW 4467->4475 4468->4469 4476 4050c4 4469->4476 4477 4050bd ImageList_Destroy 4469->4477 4485 4050d4 4469->4485 4470->4459 4471->4467 4489 404df5 4472->4489 4479 40505b SendMessageW 4473->4479 4473->4498 4474 404298 8 API calls 4480 40528f 4474->4480 4475->4461 4481 4050cd GlobalFree 4476->4481 4476->4485 4477->4476 4478 405243 4486 405255 ShowWindow GetDlgItem ShowWindow 4478->4486 4478->4498 4483 40506e 4479->4483 4481->4485 4482 404eca GetWindowLongW SetWindowLongW 4484 404ee3 4482->4484 4493 40507f SendMessageW 4483->4493 4487 404f01 4484->4487 4488 404ee9 ShowWindow 4484->4488 4485->4478 4497 404c6c 4 API calls 4485->4497 4502 40510f 4485->4502 4486->4498 
4507 404266 SendMessageW 4487->4507 4506 404266 SendMessageW 4488->4506 4489->4482 4492 404e45 SendMessageW 4489->4492 4494 404ec4 4489->4494 4495 404e81 SendMessageW 4489->4495 4496 404e92 SendMessageW 4489->4496 4492->4489 4493->4463 4494->4482 4494->4484 4495->4489 4496->4489 4497->4502 4498->4474 4499 405219 InvalidateRect 4499->4478 4500 40522f 4499->4500 4503 404ba7 20 API calls 4500->4503 4501 40513d SendMessageW 4505 405153 4501->4505 4502->4501 4502->4505 4503->4478 4504 4051c7 SendMessageW SendMessageW 4504->4505 4505->4499 4505->4504 4506->4498 4507->4465 4005 401c1f 4006 402c1f 17 API calls 4005->4006 4007 401c26 4006->4007 4008 402c1f 17 API calls 4007->4008 4009 401c33 4008->4009 4010 402c41 17 API calls 4009->4010 4014 401c48 4009->4014 4010->4014 4011 402c41 17 API calls 4015 401c58 4011->4015 4012 401c63 4016 402c1f 17 API calls 4012->4016 4013 401caf 4017 402c41 17 API calls 4013->4017 4014->4011 4014->4015 4015->4012 4015->4013 4018 401c68 4016->4018 4019 401cb4 4017->4019 4020 402c1f 17 API calls 4018->4020 4021 402c41 17 API calls 4019->4021 4022 401c74 4020->4022 4023 401cbd FindWindowExW 4021->4023 4024 401c81 SendMessageTimeoutW 4022->4024 4025 401c9f SendMessageW 4022->4025 4026 401cdf 4023->4026 4024->4026 4025->4026 3021 402aa0 SendMessageW 3022 402ac5 3021->3022 3023 402aba InvalidateRect 3021->3023 3023->3022 4508 402821 4509 402827 4508->4509 4510 402ac5 4509->4510 4511 40282f FindClose 4509->4511 4511->4510 4512 4043a1 lstrlenW 4513 4043c0 4512->4513 4514 4043c2 WideCharToMultiByte 4512->4514 4513->4514 3337 404722 3338 40474e 3337->3338 3339 40475f 3337->3339 3417 405904 GetDlgItemTextW 3338->3417 3341 40476b GetDlgItem 3339->3341 3347 4047d7 3339->3347 3343 40477f 3341->3343 3342 404759 3345 40654e 5 API calls 3342->3345 3346 404793 SetWindowTextW 3343->3346 3353 405c3a 4 API calls 3343->3353 3344 4048ae 3400 404a5d 3344->3400 3404 405904 GetDlgItemTextW 3344->3404 3345->3339 3351 404231 18 API calls 3346->3351 3347->3344 3349 
4062dc 17 API calls 3347->3349 3347->3400 3354 40483e SHBrowseForFolderW 3349->3354 3350 4048de 3355 405c97 18 API calls 3350->3355 3356 4047af 3351->3356 3352 404298 8 API calls 3357 404a71 3352->3357 3358 404789 3353->3358 3354->3344 3359 404856 CoTaskMemFree 3354->3359 3360 4048e4 3355->3360 3361 404231 18 API calls 3356->3361 3358->3346 3364 405b8f 3 API calls 3358->3364 3362 405b8f 3 API calls 3359->3362 3405 4062ba lstrcpynW 3360->3405 3363 4047bd 3361->3363 3365 404863 3362->3365 3403 404266 SendMessageW 3363->3403 3364->3346 3368 40489a SetDlgItemTextW 3365->3368 3373 4062dc 17 API calls 3365->3373 3368->3344 3369 4048fb 3371 406694 5 API calls 3369->3371 3370 4047c3 3372 406694 5 API calls 3370->3372 3374 404902 3371->3374 3375 4047ca 3372->3375 3376 404882 lstrcmpiW 3373->3376 3377 404943 3374->3377 3381 404911 GetDiskFreeSpaceExW 3374->3381 3385 405bdb 2 API calls 3374->3385 3378 4047d2 SHAutoComplete 3375->3378 3375->3400 3376->3368 3380 404893 lstrcatW 3376->3380 3418 4062ba lstrcpynW 3377->3418 3378->3347 3380->3368 3381->3374 3390 40499b 3381->3390 3382 40494a 3383 405c3a 4 API calls 3382->3383 3384 404950 3383->3384 3386 404956 3384->3386 3387 404959 GetDiskFreeSpaceW 3384->3387 3385->3374 3386->3387 3388 404974 MulDiv 3387->3388 3387->3390 3388->3390 3389 404a0c 3392 404a2f 3389->3392 3419 40140b 3389->3419 3390->3389 3406 404ba7 3390->3406 3422 404253 KiUserCallbackDispatcher 3392->3422 3396 404a0e SetDlgItemTextW 3396->3389 3397 4049fe 3409 404ade 3397->3409 3398 404a4b 3398->3400 3401 404a58 3398->3401 3400->3352 3423 40467b 3401->3423 3403->3370 3404->3350 3405->3369 3407 404ade 20 API calls 3406->3407 3408 4049f9 3407->3408 3408->3396 3408->3397 3410 404af7 3409->3410 3411 4062dc 17 API calls 3410->3411 3412 404b5b 3411->3412 3413 4062dc 17 API calls 3412->3413 3414 404b66 3413->3414 3415 4062dc 17 API calls 3414->3415 3416 404b7c lstrlenW wsprintfW SetDlgItemTextW 3415->3416 3416->3389 3417->3342 3418->3382 3420 401389 2 API calls 3419->3420 
3421 401420 3420->3421 3421->3392 3422->3398 3424 404689 3423->3424 3425 40468e SendMessageW 3423->3425 3424->3425 3425->3400 4515 4015a3 4516 402c41 17 API calls 4515->4516 4517 4015aa SetFileAttributesW 4516->4517 4518 4015bc 4517->4518 4519 4029a8 4520 402c1f 17 API calls 4519->4520 4521 4029ae 4520->4521 4522 4029d5 4521->4522 4523 4029ee 4521->4523 4529 40288b 4521->4529 4524 4029da 4522->4524 4532 4029eb 4522->4532 4525 402a08 4523->4525 4526 4029f8 4523->4526 4533 4062ba lstrcpynW 4524->4533 4528 4062dc 17 API calls 4525->4528 4527 402c1f 17 API calls 4526->4527 4527->4532 4528->4532 4532->4529 4534 406201 wsprintfW 4532->4534 4533->4529 4534->4529 4535 4028ad 4536 402c41 17 API calls 4535->4536 4538 4028bb 4536->4538 4537 4028d1 4540 405d8b 2 API calls 4537->4540 4538->4537 4539 402c41 17 API calls 4538->4539 4539->4537 4541 4028d7 4540->4541 4563 405db0 GetFileAttributesW CreateFileW 4541->4563 4543 4028e4 4544 4028f0 GlobalAlloc 4543->4544 4545 402987 4543->4545 4546 402909 4544->4546 4547 40297e CloseHandle 4544->4547 4548 4029a2 4545->4548 4549 40298f DeleteFileW 4545->4549 4564 403347 SetFilePointer 4546->4564 4547->4545 4549->4548 4551 40290f 4552 403331 ReadFile 4551->4552 4553 402918 GlobalAlloc 4552->4553 4554 402928 4553->4554 4555 40295c 4553->4555 4557 403116 31 API calls 4554->4557 4556 405e62 WriteFile 4555->4556 4558 402968 GlobalFree 4556->4558 4562 402935 4557->4562 4559 403116 31 API calls 4558->4559 4561 40297b 4559->4561 4560 402953 GlobalFree 4560->4555 4561->4547 4562->4560 4563->4543 4564->4551 4565 401a30 4566 402c41 17 API calls 4565->4566 4567 401a39 ExpandEnvironmentStringsW 4566->4567 4568 401a4d 4567->4568 4570 401a60 4567->4570 4569 401a52 lstrcmpW 4568->4569 4568->4570 4569->4570 3864 402032 3865 402044 3864->3865 3874 4020f6 3864->3874 3866 402c41 17 API calls 3865->3866 3867 40204b 3866->3867 3869 402c41 17 API calls 3867->3869 3868 401423 24 API calls 3875 402250 3868->3875 3870 402054 3869->3870 3871 40206a LoadLibraryExW 
3870->3871 3872 40205c GetModuleHandleW 3870->3872 3873 40207b 3871->3873 3871->3874 3872->3871 3872->3873 3886 406703 WideCharToMultiByte 3873->3886 3874->3868 3878 4020c5 3880 405322 24 API calls 3878->3880 3879 40208c 3881 402094 3879->3881 3882 4020ab KiUserCallbackDispatcher 3879->3882 3883 40209c 3880->3883 3884 401423 24 API calls 3881->3884 3882->3883 3883->3875 3885 4020e8 FreeLibrary 3883->3885 3884->3883 3885->3875 3887 40672d GetProcAddress 3886->3887 3888 402086 3886->3888 3887->3888 3888->3878 3888->3879 4576 401735 4577 402c41 17 API calls 4576->4577 4578 40173c SearchPathW 4577->4578 4579 401757 4578->4579 4580 402a35 4581 402c1f 17 API calls 4580->4581 4582 402a3b 4581->4582 4583 402a72 4582->4583 4584 402a4d 4582->4584 4586 40288b 4582->4586 4585 4062dc 17 API calls 4583->4585 4583->4586 4584->4586 4588 406201 wsprintfW 4584->4588 4585->4586 4588->4586 4589 4014b8 4590 4014be 4589->4590 4591 401389 2 API calls 4590->4591 4592 4014c6 4591->4592 4593 401db9 GetDC 4594 402c1f 17 API calls 4593->4594 4595 401dcb GetDeviceCaps MulDiv ReleaseDC 4594->4595 4596 402c1f 17 API calls 4595->4596 4597 401dfc 4596->4597 4598 4062dc 17 API calls 4597->4598 4599 401e39 CreateFontIndirectW 4598->4599 4600 402592 4599->4600 4601 40283b 4602 402843 4601->4602 4603 402847 FindNextFileW 4602->4603 4606 402859 4602->4606 4604 4028a0 4603->4604 4603->4606 4607 4062ba lstrcpynW 4604->4607 4607->4606

Control-flow Graph (legend: Executed / Not Executed), first block 40338f-4033cc
APIs
• SetErrorMode.KERNEL32 ref: 004033B2
• GetVersion.KERNEL32 ref: 004033B8
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
• #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403428
• OleInitialize.OLE32(00000000), ref: 0040342F
• SHGetFileInfoW.SHELL32(00440208,00000000,?,000002B4,00000000), ref: 0040344B
• GetCommandLineW.KERNEL32(00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 00403460
• CharNextW.USER32(00000000,004CB000,00000020,004CB000,00000000,?,00000006,00000008,0000000A), ref: 00403498
  • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
  • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
• GetTempPathW.KERNEL32(00002000,004DF000,?,00000006,00000008,0000000A), ref: 004035D2
• GetWindowsDirectoryW.KERNEL32(004DF000,00001FFB,?,00000006,00000008,0000000A), ref: 004035E3
• lstrcatW.KERNEL32(004DF000,\Temp,?,00000006,00000008,0000000A), ref: 004035EF
• GetTempPathW.KERNEL32(00001FFC,004DF000,004DF000,\Temp,?,00000006,00000008,0000000A), ref: 00403603
• lstrcatW.KERNEL32(004DF000,Low,?,00000006,00000008,0000000A), ref: 0040360B
• SetEnvironmentVariableW.KERNEL32(TEMP,004DF000,004DF000,Low,?,00000006,00000008,0000000A), ref: 0040361C
• SetEnvironmentVariableW.KERNEL32(TMP,004DF000,?,00000006,00000008,0000000A), ref: 00403624
• DeleteFileW.KERNEL32(004DB000,?,00000006,00000008,0000000A), ref: 00403638
  • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
• ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 004036FE
• CoUninitialize.COMBASE(00000006,?,00000006,00000008,0000000A), ref: 00403703
• ExitProcess.KERNEL32 ref: 00403724
• lstrcatW.KERNEL32(004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403737
• lstrcatW.KERNEL32(004DF000,0040A26C,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403746
• lstrcatW.KERNEL32(004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403751
• lstrcmpiW.KERNEL32(004DF000,004D7000,004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040375D
• SetCurrentDirectoryW.KERNEL32(004DF000,004DF000,?,00000006,00000008,0000000A), ref: 00403779
• DeleteFileW.KERNEL32(0043C208,0043C208,?,0047B000,00000008,?,00000006,00000008,0000000A), ref: 004037D3
• CopyFileW.KERNEL32(004E7000,0043C208,00000001,?,00000006,00000008,0000000A), ref: 004037E7
• CloseHandle.KERNEL32(00000000,0043C208,0043C208,?,0043C208,00000000,?,00000006,00000008,0000000A), ref: 00403814
• GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403843
• OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
• AdjustTokenPrivileges.ADVAPI32 ref: 00403882
• ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
• ExitProcess.KERNEL32 ref: 004038CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
• String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu

Control-flow Graph (legend: Executed / Not Executed), first block 405461-40547c
APIs
• GetDlgItem.USER32(?,00000403), ref: 004054BF
• GetDlgItem.USER32(?,000003EE), ref: 004054CE
• GetClientRect.USER32(?,?), ref: 0040550B
• GetSystemMetrics.USER32(00000002), ref: 00405512
• SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
• ShowWindow.USER32(?,00000008), ref: 004055AE
• GetDlgItem.USER32(?,000003EC), ref: 004055CF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 004054DD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404266: SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405621
                                                                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00405636
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 0040565A
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 0040565F
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 004056A9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
                                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 004056EE
                                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00405722
                                                                                                                                                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040573B
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                                                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405783
                                                                                                                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 00405789
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 0040579F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004057D3
                                                                                                                                                                                                                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 004057E4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                                                    • String ID: {
                                                                                                                                                                                                                                                                                                    • API String ID: 590372296-366298937
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3f5756e17ddf514bb7e58e27119461a6e63aa272c655e6837988b65713ff16ec
                                                                                                                                                                                                                                                                                                    • Instruction ID: bae72a1d173c3811f2fd5642bc5838002141c6bee16c4b6d0499208050eeb164
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f5756e17ddf514bb7e58e27119461a6e63aa272c655e6837988b65713ff16ec
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3CB12970900608FFDB119FA0DE89EAE7B79FB48354F00413AFA45A61A0CBB55E91DF58

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 04FC10F6
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2389274477.0000000004FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 04FC0000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4fc0000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Version
                                                                                                                                                                                                                                                                                                    • String ID: CreateToolhelp32Snapshot$KERNEL32.DLL$NTDLL.DLL$NtQuerySystemInformation$Process32First$Process32Next
                                                                                                                                                                                                                                                                                                    • API String ID: 1889659487-877962304
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7c54e82ccd6293fc41fbe2d5c119ff5dc1591901038baee40bae960cddd190a6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9d82f17d54892c80cff33d5cdd74415dce730c1a7135484baecadf11525c4a6e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c54e82ccd6293fc41fbe2d5c119ff5dc1591901038baee40bae960cddd190a6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2271C271E4021AEFDB219FA4DF44BAE7BBDEB44349F0440AAE505E3101E774AA56CF90

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                                                                                                                                                                                                                                                                                    • SHAutoComplete.SHLWAPI(00000000,00000001,00000007,00000000,?,00000014,?,?,00000001,?), ref: 004047D5
                                                                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(Delete on reboot: ,00450248,00000000,?,?), ref: 00404889
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,Delete on reboot: ), ref: 00404895
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,00002000,004048DE), ref: 00405917
                                                                                                                                                                                                                                                                                                      • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,75923420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,75923420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 0040654E: CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,75923420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(00440218,?,?,?,00000001,00440218,?,?,000003FB,?), ref: 0040491E
                                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(00440218,?,?,0000040F,?,00440218,00440218,?,00000001,00440218,?,?,000003FB,?), ref: 0040496A
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404ADE: lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: A$Delete on reboot:
                                                                                                                                                                                                                                                                                                    • API String ID: 4039761011-2014378647

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,004DF000,75923420,00000000), ref: 004059F5
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00460250,\*.*,00460250,?,?,004DF000,75923420,00000000), ref: 00405A3D
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,0040A014,?,00460250,?,?,004DF000,75923420,00000000), ref: 00405A60
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,0040A014,?,00460250,?,?,004DF000,75923420,00000000), ref: 00405A66
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(00460250,?,?,?,0040A014,?,00460250,?,?,004DF000,75923420,00000000), ref: 00405A76
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00405B25
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                                    • API String ID: 2035342205-1173974218
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,75923420,004059EC,?,004DF000,75923420), ref: 00406608
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00406614
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 086872f0bf6ffc0fec3bf9e050170664210a11ef237051a194e92f35cf11c1a2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52D012315455205BC7001B386E0C85B7B599F553317158F37F46AF51E0DB758C62869D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 542301482-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 480e397dae40ebfa96f82ecc2c51ce6f9583f8d74ca207046111302e71a4974e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6590b0d0bd135a94e5278e34c2007f8374f9804fe0c2ec815525577e7f77d17f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 480e397dae40ebfa96f82ecc2c51ce6f9583f8d74ca207046111302e71a4974e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01414C71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E0DBB99981CB44

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 00403DB1
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 00403DC5
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00403E02
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
                                                                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403E1D
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00403ECB
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00403ED5
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00403EEF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00403FE6
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00404007
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404034
                                                                                                                                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
                                                                                                                                                                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 00404051
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404069
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00450248,?,00450248,00000000), ref: 004040A6
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,00450248), ref: 004040BA
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 004041EE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Item$MessageSend$CallbackDispatcherShowUser$Menu$DestroyEnableEnabledLongSystemTextlstrlen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2523155381-0

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000,75923420,004CB000,00000000), ref: 00403A2B
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000), ref: 00403AAB
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,.exe,Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000), ref: 00403ABE
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(Delete on reboot: ), ref: 00403AC9
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004CF000), ref: 00403B12
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                                                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00472E80), ref: 00403B4F
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B67
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403BD2
                                                                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20W,00472E80), ref: 00403BFE
                                                                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,00472E80), ref: 00403C0B
                                                                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00472E80), ref: 00403C14
                                                                                                                                                                                                                                                                                                    • DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Delete on reboot: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                                                                                    • API String ID: 1975747703-2967253400

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(Delete on reboot: ,00002000), ref: 0040641D
                                                                                                                                                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(Delete on reboot: ,00002000,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000), ref: 00406430
                                                                                                                                                                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00405359,0042E800,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000), ref: 0040646C
                                                                                                                                                                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(0042E800,Delete on reboot: ), ref: 0040647A
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(0042E800), ref: 00406485
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(Delete on reboot: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000), ref: 00406503
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: Delete on reboot: $Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                    • API String ID: 717251189-3157081857
                                                                                                                                                                                                                                                                                                    • Opcode ID: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                                                                                                                    • Instruction ID: deb4280fb9253f119c0dee44fead77f8699473dbe43bed35a1e393a154a8df3c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87612371A00115AADF209F64DC44BAE37A5EF45318F22803FE907B62D0D77D9AA1C75E

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                    control_flow_graph 592 402edd-402f2b GetTickCount GetModuleFileNameW call 405db0 595 402f37-402f65 call 4062ba call 405bdb call 4062ba GetFileSize 592->595 596 402f2d-402f32 592->596 604 403052-403060 call 402e79 595->604 605 402f6b 595->605 597 40310f-403113 596->597 611 403062-403065 604->611 612 4030b5-4030ba 604->612 607 402f70-402f87 605->607 609 402f89 607->609 610 402f8b-402f94 call 403331 607->610 609->610 619 402f9a-402fa1 610->619 620 4030bc-4030c4 call 402e79 610->620 614 403067-40307f call 403347 call 403331 611->614 615 403089-4030b3 GlobalAlloc call 403347 call 403116 611->615 612->597 614->612 643 403081-403087 614->643 615->612 641 4030c6-4030d7 615->641 621 402fa3-402fb7 call 405d6b 619->621 622 40301d-403021 619->622 620->612 630 40302b-403031 621->630 639 402fb9-402fc0 621->639 629 403023-40302a call 402e79 622->629 622->630 629->630 632 403040-40304a 630->632 633 403033-40303d call 406787 630->633 632->607 640 403050 632->640 633->632 639->630 645 402fc2-402fc9 639->645 640->604 646 4030d9 641->646 647 4030df-4030e4 641->647 643->612 643->615 645->630 648 402fcb-402fd2 645->648 646->647 649 4030e5-4030eb 647->649 648->630 650 402fd4-402fdb 648->650 649->649 651 4030ed-403108 SetFilePointer call 405d6b 649->651 650->630 652 402fdd-402ffd 650->652 655 40310d 651->655 652->612 654 403003-403007 652->654 656 403009-40300d 654->656 657 40300f-403017 654->657 655->597 656->640 656->657 657->630 658 403019-40301b 657->658 658->630
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,004E7000,00002000,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405DB0: GetFileAttributesW.KERNEL32(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405DB0: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004EB000,00000000,004D7000,004D7000,004E7000,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Null, xrefs: 00402FD4
                                                                                                                                                                                                                                                                                                    • Inst, xrefs: 00402FC2
                                                                                                                                                                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00402F2D
                                                                                                                                                                                                                                                                                                    • soft, xrefs: 00402FCB
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                    • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                    • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                                                    • Opcode ID: b6f6648de98c24fa7c04dbba87c1fded15afc009f9c9acd1abae5bab2567aa71
                                                                                                                                                                                                                                                                                                    • Instruction ID: d807cc789e5c0b6659aec278a7977cb1897ccc82e3fedab9e592eb30a9b28e48
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6f6648de98c24fa7c04dbba87c1fded15afc009f9c9acd1abae5bab2567aa71
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23511671901205ABDB20AF61DD85B9F7FACEB0431AF20403BF914B62D5C7789E818B9D

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                    control_flow_graph 723 40176f-401794 call 402c41 call 405c06 728 401796-40179c call 4062ba 723->728 729 40179e-4017b0 call 4062ba call 405b8f lstrcatW 723->729 734 4017b5-4017b6 call 40654e 728->734 729->734 738 4017bb-4017bf 734->738 739 4017c1-4017cb call 4065fd 738->739 740 4017f2-4017f5 738->740 747 4017dd-4017ef 739->747 748 4017cd-4017db CompareFileTime 739->748 741 4017f7-4017f8 call 405d8b 740->741 742 4017fd-401819 call 405db0 740->742 741->742 750 40181b-40181e 742->750 751 40188d-4018b6 call 405322 call 403116 742->751 747->740 748->747 752 401820-40185e call 4062ba * 2 call 4062dc call 4062ba call 405920 750->752 753 40186f-401879 call 405322 750->753 763 4018b8-4018bc 751->763 764 4018be-4018ca SetFileTime 751->764 752->738 785 401864-401865 752->785 765 401882-401888 753->765 763->764 767 4018d0-4018db CloseHandle 763->767 764->767 768 402ace 765->768 771 4018e1-4018e4 767->771 772 402ac5-402ac8 767->772 773 402ad0-402ad4 768->773 775 4018e6-4018f7 call 4062dc lstrcatW 771->775 776 4018f9-4018fc call 4062dc 771->776 772->768 782 401901-4022fc call 405920 775->782 776->782 782->772 782->773 785->765 787 401867-401868 785->787 787->753
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000,Call,004D3000,?,?,00000031), ref: 004017B0
                                                                                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,004D3000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,0040327A,0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0), ref: 0040537D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp$C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\System.dll$Call

Control-flow Graph (image not preserved): entry block 406624-406644; API calls on its nodes: GetSystemDirectoryW, wsprintfW, LoadLibraryExW
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %s%S.dll$UXTHEME$\

Control-flow Graph (image not preserved): entry block 403116-40312d; API calls on its nodes: GetTickCount, MulDiv, wsprintfW
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                                                                                    • String ID: ... %d%%

Control-flow Graph (image not preserved): entry block 401c1f-401c3f; API calls on its nodes: FindWindowExW, SendMessageTimeoutW, SendMessageW
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                                                                                                                                    • API String ID: 1777923405-2657877971

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 890 404ade-404af5 891 404b02-404b0d 890->891 892 404af7-404b00 890->892 894 404b15-404b1b 891->894 895 404b0f-404b14 891->895 893 404b50-404ba4 call 4062dc * 3 lstrlenW wsprintfW SetDlgItemTextW 892->893 896 404b22-404b28 894->896 897 404b1d-404b21 894->897 895->894 900 404b37-404b4e 896->900 901 404b2a-404b35 896->901 897->896 900->893 901->900
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                    • API String ID: 3540041739-3551169577

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 906 4023e4-402415 call 402c41 * 2 call 402cd1 913 402ac5-402ad4 906->913 914 40241b-402425 906->914 915 402427-402434 call 402c41 lstrlenW 914->915 916 402438-40243b 914->916 915->916 919 40243d-40244e call 402c1f 916->919 920 40244f-402452 916->920 919->920 924 402463-402477 RegSetValueExW 920->924 925 402454-40245e call 403116 920->925 928 402479 924->928 929 40247c-40255d RegCloseKey 924->929 925->924 928->929 929->913
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp,00000023,?,00000000,00000002,00000011,00000002), ref: 0040242F
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 0040246F
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp
                                                                                                                                                                                                                                                                                                    • API String ID: 2655323295-4249072316
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00002000,?,0041E630,0040A000,?,?,?,00000008,00000001,000000F0), ref: 004020BE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,0040327A,0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0), ref: 0040537D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,000000F7,?,?,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Librarylstrlen$CallbackDispatcherFreeHandleLoadModuleTextUserWindowlstrcat
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 719239633-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00405848
                                                                                                                                                                                                                                                                                                    • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00405867
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3449924974-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,75923420,004059EC,?,004DF000,75923420,00000000), ref: 00405C48
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00464250,00000000,00464250,00464250,004DF000,?,75923420,004059EC,?,004DF000,75923420,00000000), ref: 00405CF0
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00464250,00464250,00464250,00464250,00464250,00464250,00000000,00464250,00464250,004DF000,?,75923420,004059EC,?,004DF000,75923420), ref: 00405D00
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: PBF
                                                                                                                                                                                                                                                                                                    • API String ID: 3248276644-3456974464
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00004000,00000002,?,00000000,?,?,Delete on reboot: ,?,?,004063FC,80000002), ref: 004061CE
                                                                                                                                                                                                                                                                                                    • RegCloseKey.KERNEL32(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Delete on reboot: ,Delete on reboot: ,Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\), ref: 004061D9
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                                    • String ID: Delete on reboot:
                                                                                                                                                                                                                                                                                                    • API String ID: 3356406503-2410499825
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7e8f2b507172300fff4d18ea8023ba838134d56d13ff8a7450bb17b0ad457722
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8659262355d6ebf2290daf59b07b2549fc881bd87fa0bb5ea6267207f8cb0b09
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e8f2b507172300fff4d18ea8023ba838134d56d13ff8a7450bb17b0ad457722
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68017C72500209EADF218F51DD09EDB3BB8EF55364F01403AFE16A61A1D378DA64EBA4
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405DFD
                                                                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,004CB000,0040338D,004DB000,004DF000,004DF000,004DF000,004DF000,004DF000,75923420,004035D9), ref: 00405E18
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                    • String ID: nsa
                                                                                                                                                                                                                                                                                                    • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                                    • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                                                                                                    • Instruction ID: af8b6ba947558e1b0daa3aed001b6e0f80e178ffca66ecedc63f3e0829e9a41e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61F03076A00304FBEB009F69ED05E9FB7BCEB95710F10803AE941E7250E6B09A548B64
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(0083DE90), ref: 00401BE7
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                                                    • String ID: Call
                                                                                                                                                                                                                                                                                                    • API String ID: 3394109436-1824292864
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2ffc4b8e8b305263ff1bfe934f744a2e7f0909984677ca7ca3d2d917788d1148
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52210A76600100ABCB10FF95CE8499E73A8EB48318BA4443FF506F32D0DB78A852DB6D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004065FD: FindFirstFileW.KERNEL32(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,75923420,004059EC,?,004DF000,75923420), ref: 00406608
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004065FD: FindClose.KERNEL32(00000000), ref: 00406614
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32 ref: 00402299
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1486964399-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 062f35bd25ec594713e9bacb5e8e7d42a2d599ab1320245f6c1f49b86b73afc7
                                                                                                                                                                                                                                                                                                    • Instruction ID: edc96df04b91ed766a503f65766f364d086ea8d205cfe5bb15309c141496b913
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 062f35bd25ec594713e9bacb5e8e7d42a2d599ab1320245f6c1f49b86b73afc7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57117071900318A6DB10EFF98E4999EB7B8AF04344F50443FB805F72D1D6B8C4419B59
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405D8B: GetFileAttributesW.KERNEL32(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405D8B: SetFileAttributesW.KERNEL32(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405B66), ref: 0040599F
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000000,00405B66), ref: 004059A7
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 004059BF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                                                                                                    • Instruction ID: 825022a906987a8d14f11fb4079f6fb6242afe5a54bc5f1377d2c32e3c215ab4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1E0E5B1119F5096D21067349A0CB5B2AA4DF86334F05093AF891F11C0DB3844068EBE
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000408,?,00000000,00403E66), ref: 00404228
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID: x
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                                                                                                    • Opcode ID: e82a7d21fa03904461fa10532b6b329160c9b8c64979419cd390d17c652ef76f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 82fd7f65e594eab6243e90e7db6230d4dc4ac3147aa4acdd77266932ee49a333
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e82a7d21fa03904461fa10532b6b329160c9b8c64979419cd390d17c652ef76f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEC01272284200BADB108B90DF00F1A7A30E7E0702F20C03DF388200B086B108A1DB0D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,75923420,004059EC,?,004DF000,75923420,00000000), ref: 00405C48
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004057F1: CreateDirectoryW.KERNEL32(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,004D3000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1892508949-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: ee54970bfc7e3ee71f24920e54696bd448e0422c5998a1c0ff03b14504c5deaa
                                                                                                                                                                                                                                                                                                    • Instruction ID: 536d45c59d08a7b21130d9dbd5b0e10796a041e4a40079992e14d28e29d42f71
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee54970bfc7e3ee71f24920e54696bd448e0422c5998a1c0ff03b14504c5deaa
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2211E231504505EBCF30AFA1CD0159F36A0EF14369B28493BFA45B22F1DB3E8A919B5E
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3356406503-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 403208d832c142c4943c3862644a2096e2da2602c55317de10467c08740d708e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1206e07bb255176646816810ef0290bee69920d7ecde6c9ccbb84b14c6b4306b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 403208d832c142c4943c3862644a2096e2da2602c55317de10467c08740d708e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E311A771D10205EBDF14DFA4CA585AE77B4EF44348B20843FE505B72C0D6B89A41EB5E
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                                                                                                    • Instruction ID: ea42f58d7670a619ed9131e80823b54190387dbc53765a55c310ef4228f9fff3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF0128316202109BE7095B789E04B2A3798E710315F10463FF855F62F1D6B8CC829B5C
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 00405405
                                                                                                                                                                                                                                                                                                      • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                                                    • CoUninitialize.COMBASE(00000404,00000000), ref: 00405451
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2896919175-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$EnableShow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1136574915-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406624: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000B,?), ref: 00402AAF
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?), ref: 00402ABF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 909852535-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,004DF000,00000000,75923420,004038ED,00403703,00000006,?,00000006,00000008,0000000A), ref: 0040392F
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00403936
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2385836647.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2385958800.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2386013280.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2386013280.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2386013280.0000000000412000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2386013280.000000000041E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2386013280.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2386013280.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2386013280.00000000004E3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2386954233.00000000005FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1100898210-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00403703,00000006,?,00000006,00000008,0000000A), ref: 004038DB
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\, xrefs: 004038EF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\
                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-1928678983
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00403382,004DF000,004DF000,004DF000,004DF000,75923420,004035D9,?,00000006,00000008,0000000A), ref: 00405874
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405882
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,04FC3020,04FC14FC,?), ref: 04FC149F
                                                                                                                                                                                                                                                                                                    • lstrcpynW.KERNEL32(00000004,?), ref: 04FC14B5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2389274477.0000000004FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 04FC0000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4fc0000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AllocGloballstrcpyn
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3204721840-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Create
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,?,?,004032FA,000000FF,00428200,?,00428200,?,?,00000004,00000000), ref: 00405E76
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8754e0b6f25d564075f0081c534dd79b85a2df0f0bc88b3642164a4a3ec1e455
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDE0B63221065AAFDF109F95DC00AAB7B6CEB052A0F044437FD59E7150D671EA21DAE4
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,?,?,00403344,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E47
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                                                                                                    • Instruction ID: bd732019988057c431ec21c3a2c50b1292625b962aa4d7912315599e48db2a91
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9E08C3220021AABCF20AF54DC00FEB3B6CEB05760F004832FD65E6040E230EA219BE8
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,004061B5,?,00000000,?,?,Delete on reboot: ,?), ref: 0040614B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Open
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                                                                                                    • Instruction ID: b908bd292ce434c6339c018d18c1e3bfafdd2f7559b63d477f04a141d62eba1a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94D0123214020DFBDF119E909D01FAB775DAB08350F014426FE06A9191D776D530AB14
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MoveFileExW.KERNEL32(?,?,00000005,00405B7E,?,00000000,000000F1,?,?,?,?,?), ref: 0040608A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F06: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F06: GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F06: GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F06: wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F06: GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F06: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F06: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F06: SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$NamePathShort$AllocCloseGlobalHandleMovePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1930046112-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a0a4fc277c167b836c478514f4bee1604d33cb824f5458dd384cc09b2e4e5c73
                                                                                                                                                                                                                                                                                                    • Instruction ID: 90c27e8b518d79db7b79f3353fecf9451eb8ea8c7f58bc67283902775dd808e1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0a4fc277c167b836c478514f4bee1604d33cb824f5458dd384cc09b2e4e5c73
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FD0C932148201BEDB165B10ED05A1FBBA1FB90355F11D43EF28DA00B0EB3684B4EF0A
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040424B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemText
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3367045223-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                                                                                                                                    • Instruction ID: 58c8b0ee816a9f079cb4560b894257bfb9dfa06490f5d5235509ae25e2c95a64
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79C04C76148300BFD681BB55CC42F1FB79DEF94315F44C52EB59CA11E2C63A84309B26
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 539d97cecbd0a6245bb22c05259f77f590d4a0b0d5c0f28d123e3a53dcb21da8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6C09BB27403007BDE11CB909E49F1777545790740F18447DB348F51E0D6B4D490D61C
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403355
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                                                                                                                    • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 80b1fa8ab317a3fb83bf0bb9afc1fcb2ede285a6b5c9b7890d3d6fe7da01b763
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69B092361C4600AAEE118B50DE49F497A62E7A4702F008138B244640B0CAB200E0DB09
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,0040402A), ref: 0040425D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6a6b83ba7992c3eb947fe44f0607646ae594aefa1fc7371f7d6a783f6fb0b7b0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4EA002754445019BCF015B50DF098057A61F7A4701B114479B5555103596314860EB19
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 00404CC1
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D0B
                                                                                                                                                                                                                                                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,00405296), ref: 00404D37
                                                                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D4B
                                                                                                                                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D91
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00404D94
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405065
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405089
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 004050CE
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 0040526D
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 0040527F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                    • String ID: $M$N
                                                                                                                                                                                                                                                                                                    • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3b019a9e8d219d368d602818409f6a9b64d333d2832f2ae38c54831c8f3f794a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 350e9793ba1948ff1935c4af006ad7833f39553502bf8ecbcf91bc97059cc7bb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b019a9e8d219d368d602818409f6a9b64d333d2832f2ae38c54831c8f3f794a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C0281B0900209AFDB10DFA4DD85AAE7BB5FB44314F10417AF614BA2E1C7799D92CF58
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 263323e5794f7559126a2b66b9cefb3983b41ff587fb3f65759d48402a8cb393
                                                                                                                                                                                                                                                                                                    • Instruction ID: 11d43fc069a5ea90b0fea77c2c23c6da8a8dfc92bb9fdb714ff4c9b8b345b962
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 263323e5794f7559126a2b66b9cefb3983b41ff587fb3f65759d48402a8cb393
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9BF08271A14104EFDB00EBA4DA499ADB378EF04314F6045BBF515F21D1DBB45D909B2A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                                                                                                    • Instruction ID: 703def0becceeecb9d8561ea32c53bcab4b84ebc773a8a1d0b412cad538f794c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1EE1797190470ADFDB24CF99C880BAAB7F5FF44305F15852EE497A7291E378AA91CB04
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                                                                                                    • Instruction ID: 59779062152899835760f0dc2f5c49596223a290c6efd11eddd93cbc7c663e45
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FC15831E04219DBDF18CF68C8905EEBBB2BF88314F25866AC85677380D734A942CF95
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004044A2
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 004044D0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004044F1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000), ref: 00404573
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 0040459E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                                                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004045F2
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                                                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 0040460E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040464F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: Delete on reboot: $N$gC@
                                                                                                                                                                                                                                                                                                    • API String ID: 3103080414-1763248576
                                                                                                                                                                                                                                                                                                    • Opcode ID: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3402c350d7270d9961c63d8365249516a5ebc70a9ec23ab72cb453283ebd69b0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7761BEB1900209BFDB009F60DD85EAA7B69FB85305F00843AF705B62D0D77D9961CF99
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                                                    • DrawTextW.USER32(00000000,00472EE0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                    • String ID: F
                                                                                                                                                                                                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                    • Opcode ID: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4eb8147a30471c2b969484520d7d1b1c24976f3a1718a772f7b725b3b94c1b26
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C418A71800249AFCF058FA5DE459AF7BB9FF44314F00842AF991AA1A0C778D954DFA4
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405DB0: GetFileAttributesW.KERNEL32(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405DB0: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2385836647.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2385958800.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.000000000040E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.0000000000412000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.000000000041E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.0000000000469000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.00000000004E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386954233.00000000005FF000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                                                                                    • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                                                                                    • Opcode ID: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1ccef14564d3a4e3590f6d96bf23d62cdd24cd7414a0bd79904b9c13782922cd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08312530641B05BBC220AB659D48F6B3AACDF45744F15003FFA42F72C2EB7C98118AAD
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,0040327A,0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,00000000,0042E800,759223A0), ref: 0040537D
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                                                                    • String ID: Delete on reboot: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\
                                                                                                                                                                                                                                                                                                    • API String ID: 2531174081-1028181269
                                                                                                                                                                                                                                                                                                    • Opcode ID: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                                                                                                    • Instruction ID: c4a8b4fbc7344707c8dcd13f789004ac01d88f238d1262f53b2d1dabcf784db2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F21A171900518BBCB11AFA5DD849CFBFB9EF45350F10807AF904B62A0C7B94A80DFA8
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 004042F3
                                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 0040430B
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 0040431E
                                                                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 0040432E
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00404348
                                                                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00404352
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,?,?,0040262F,00000000,00000000,?,00000000,00000011), ref: 00405EA7
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                                                                    • String ID: 9
                                                                                                                                                                                                                                                                                                    • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                                                                                                                                                                                                                                                                                    • GetMessagePos.USER32 ref: 00404C0F
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00404C29
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                    • String ID: f
                                                                                                                                                                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(0041E5D0), ref: 00401E3E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                                                                                    • String ID: MS Shell Dlg
                                                                                                                                                                                                                                                                                                    • API String ID: 3808545654-76309092
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(04F439A2,00000064,04F439A6), ref: 00402E3C
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00100401,00000000,?,0000025E,?,00004000,?), ref: 04FC1054
                                                                                                                                                                                                                                                                                                    • EnumWindows.USER32(04FC1007,?), ref: 04FC1074
                                                                                                                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(00000000,?), ref: 04FC1084
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00000BB8), ref: 04FC109D
                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 04FC10AE
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 04FC10C5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2389274477.0000000004FC1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 04FC0000, based on PE: true
• Associated: 00000000.00000002.2389236739.0000000004FC0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000000.00000002.2389309608.0000000004FC2000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000000.00000002.2389366405.0000000004FC4000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_4fc0000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$CloseCodeEnumExitHandleObjectOpenSingleTerminateWaitWindows
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3465249596-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,75923420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,75923420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                                                                                                    • CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,75923420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2385836647.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2385958800.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.000000000040E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.0000000000412000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.000000000041E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.0000000000469000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386013280.00000000004E3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2386954233.00000000005FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                    • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                    • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                    • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                                                                                                    • Instruction ID: 36fae6fd7d65e337959ab81909abbfc549fe516cf0b4c9ff473ab524d2c4c229
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B611B65580061279DB302B14BC40EB762F8EF54764F56403FED86732C8EBBC5C9292AD
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\System.dll,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\System.dll,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp$C:\Users\user\AppData\Local\Temp\nsfE7B8.tmp\System.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 3109718747-3317566340
                                                                                                                                                                                                                                                                                                    • Opcode ID: b2f4003525800b6e43992f9b135d97d7eb08ff68f5afdbb7a810963f124aa3ca
                                                                                                                                                                                                                                                                                                    • Instruction ID: b23dc685b5da5394ac89c8ab13f2cbf985e24fd8d9932a4f5164fd221fdd45c5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2f4003525800b6e43992f9b135d97d7eb08ff68f5afdbb7a810963f124aa3ca
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76110B72A04201BADB146FF18E89A9F76659F44398F204C3FF102F61D1EAFC89415B5D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 530df658d6ec3b55b280f53534df286e45b1d410178b7b9918a8c3f801b16ff1
                                                                                                                                                                                                                                                                                                    • Instruction ID: d9fd13ec482603559a9c09f77eb5ae76b99fbdc016b4c624d38ebcad95bf5f4c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 530df658d6ec3b55b280f53534df286e45b1d410178b7b9918a8c3f801b16ff1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F61A0CA749D519B78
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Close$Enum
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 464197530-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                                                                                                                                                                                                                                                    • Instruction ID: fc7ade2e12cd9e993d25f9a328d8db16c9603ee1eb20de8c24b8f84b94a82c23
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4116A32500109FBDF02AB90CE09FEE7B7DAF54340F100076B904B51E1E7B59E21AB68
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                                                                                                                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9c0cd9c85579b1f1539786df4f617efd254904ce91a486f6a135d178cfad0ab8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7AF05E30485630EBD6506B20FE0CACB7BA5FB84B41B0149BAF005B11E4D7B85880CBDC
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 004052C5
                                                                                                                                                                                                                                                                                                    • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                                                                                                                                                                                                                                                                                      • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 334c9fee3abb3f39d596823d3a3537c7effd0098edc8ca0b3d981ed7cb288a41
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9015A31100709ABEB205F51DD94A9B3B26EB84795F20507AFA007A1D1D7BA9C919E2E
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00468250,Error launching installer), ref: 004058CC
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 004058D9
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 004058B6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                    • String ID: Error launching installer
                                                                                                                                                                                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                                    • Opcode ID: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                                                                                                    • Instruction ID: 30392a530fa928b09b8412afc6dc4f2cd20664ca8a9f97139eafb5a2ce14b88a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33E09AB5540609BFEB009B64DD05F7B77ACEB04708F508565BD51F2150EB749C148A79
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                                                                                                                                                                                                                                                                                    • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2385887924.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_fideo-1.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                                                                                                    • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98